CVE
CVE-2020-15778
| CVE ID |
CVE-2020-15778
|
|---|---|
| CVSS Score |
7.4
|
| Operating System | |
| Affected Versions | |
| Patched Versions |
openssh-7.4p1-23_ol004.el7
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
NVD Listing: NVD - CVE-2020-15778
- Backported patch to address CVE-2020-15778
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."