VDB
DEBIAN-CVE-2020-15778
DEBIAN-CVE-2020-15778
PUBLISHED
CVSS 7.400000095367432 HIGH
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | openssh | 1:10.2p1-2, 1:10.2p1-1, 1:10.1p1-2 |
| Debian:12 | openssh | 1:9.2p1-2+deb12u8, 1:9.2p1-2+deb12u9, 1:9.3p1-1 |
| Debian:11 | openssh | 1:9.6p1-2, 0, 10.0 |
| Debian:13 | openssh | *, *, * |
Timeline
- Jul 24, 2020 CVE Published
- Apr 28, 2026 CVE Updated