CVE-2020-15778
HIGH7.4EPSS 64.3%發布日:2020/7/24修改日:2025/12/3
也稱為:ALPINE-CVE-2020-15778DEBIAN-CVE-2020-15778
描述
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
受影響套件(2)
- Alpine/opensshfrom 0, < 8.3_p1-r0
- Debian/opensshfrom 0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.4 | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |