VDB

DEBIAN-CVE-2020-15778

DEBIAN-CVE-2020-15778 PUBLISHED CVSS 7.400000095367432 HIGH

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Risk Scores

CVSS 3.1
7.400000095367432
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:14openssh1:10.2p1-2, 1:10.2p1-1, 1:10.1p1-2
Debian:12openssh1:9.2p1-2+deb12u8, 1:9.2p1-2+deb12u9, 1:9.3p1-1
Debian:11openssh1:9.6p1-2, 0, 10.0
Debian:13openssh*, *, *

Timeline

  • Jul 24, 2020 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›