ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-04T15:56:04.459Z

Reserved: 2020-10-01T00:00:00

Link: CVE-2020-26301

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-20T20:15:11.513

Modified: 2024-11-21T05:19:48.493

Link: CVE-2020-26301

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-09-20T00:00:00Z

Links: CVE-2020-26301 - Bugzilla

cve-icon OpenCVE Enrichment

No data.