scp in OpenSSH up to and including 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbsd openssh 8.3 |
||
openbsd openssh |
||
netapp a700s_firmware - |
||
netapp steelstore cloud integrated storage - |
||
netapp active iq unified manager |
||
netapp solidfire - |
||
netapp hci management node - |
||
netapp hci storage node - |
||
netapp hci compute node - |
||
broadcom fabric operating system - |