huntr.dev - Code Injection

Open huntr-helper opened this issue 4 years ago • 0 comments

This issue has been generated on behalf of Mik317 (https://huntr.dev/app/users/Mik317)

Vulnerability Description

Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks. The issue arises here: https://github.com/ecto/node-scp/blob/master/scp.js#L22

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/

huntr-helper, May 08 '20 11:05
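
The pattern described under Vulnerability Description, shown beside a hardened form, as an added example that is not part of the original issue and is not node-scp's own code. The function names, the option fields (file, user, host, path, port) and the validation patterns are assumptions made for illustration.

```javascript
// Added illustration; function and field names are assumptions, not node-scp's API.

// Pattern the report describes: fields are formatted into one string that a
// shell later parses, so any metacharacter in a field becomes shell syntax.
function unsafeCommand(o) {
  return `scp -r -P ${o.port} ${o.file} ${o.user}@${o.host}:${o.path}`;
}

const HOST_RE = /^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$/;
const USER_RE = /^[A-Za-z_][A-Za-z0-9_.-]*$/;
// Legacy scp hands the remote path to the remote user's shell, so allowlist it.
const REMOTE_PATH_RE = /^[A-Za-z0-9_.\/~][A-Za-z0-9_.\/~-]*$/;

function check(ok, field) {
  if (!ok) throw new TypeError(`invalid ${field}`);
}

// Hardened form: validate every field, then return an argument vector.
function buildScpArgs(o) {
  const port = Number(o.port ?? 22);
  check(Number.isInteger(port) && port >= 1 && port <= 65535, 'port');
  check(typeof o.host === 'string' && HOST_RE.test(o.host), 'host');
  check(typeof o.user === 'string' && USER_RE.test(o.user), 'user');
  check(typeof o.path === 'string' && REMOTE_PATH_RE.test(o.path), 'path');
  check(typeof o.file === 'string' && o.file !== '' && !o.file.includes('\0'), 'file');
  // Prefix relative names with './' so a leading '-' is not read as an option
  // and a ':' in the name is not read as host:path.
  const file = /^(\/|\.\/)/.test(o.file) ? o.file : `./${o.file}`;
  // '--' ends option parsing; each value stays one argv element.
  return ['-r', '-P', String(port), '--', file, `${o.user}@${o.host}:${o.path}`];
}

// execFile runs scp directly with the argument vector; no shell parses it.
function send(o, callback) {
  const { execFile } = require('child_process');
  return execFile('scp', buildScpArgs(o), callback);
}

// Constructed sample input: a file name carrying shell metacharacters.
const sample = { file: 'notes.txt; echo INJECTED', user: 'deploy',
                 host: 'files.example.com', path: '/srv/upload', port: 22 };
```

With the sample input, unsafeCommand yields a string in which the shell would treat the text after the semicolon as a second command, while buildScpArgs keeps the whole file name as a single argument.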