VDB
ALPINE-CVE-2020-15778
ALPINE-CVE-2020-15778
PUBLISHED
CVSS 7.400000095367432 HIGH
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
Risk Scores
CVSS v3.1
7.400000095367432
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.19 | openssh | 0, 5.1_p1-r1, * |
| Alpine:v3.20 | openssh | *, 0, 5.1_p1-r1 |
| Alpine:v3.21 | openssh | 5.9_p1-r2, 5.1_p1-r2, 5.1p1-r0 |
| Alpine:v3.22 | openssh | 8.2, 0, 5.1_p1-r1 |
| Alpine:v3.23 | openssh | 5.1_p1-r1, 5.1_p1-r2, 5.1p1-r0 |
Timeline
- Jul 24, 2020 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch