Command Injection Vulnerability in ssh2 (Windows Only)

Command Injection Vulnerability in ssh2 (Windows Only)

CVE-2020-26301 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.

Learn more about our Cis Benchmark Audit For Server Software.