CVE-2020-15778
ADVISORY - nistSummary
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
EPSS Score: 0.00591 (0.787)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADVISORY - redhat
Improper Neutralization of Special Elements used in a Command ('Command Injection')
NIST
CREATED
UPDATED
ADVISORY IDCVE-2020-15778
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
Debian
CREATED
UPDATED
ADVISORY IDCVE-2020-15778
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2020-15778
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Alma
CREATED
UPDATED
ADVISORY IDALSA-2024:3166
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Red Hat
CREATED
UPDATED
ADVISORY IDCVE-2020-15778
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
Oracle
CREATED
UPDATED
ADVISORY IDELSA-2024-3166
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
intheWild
CREATED
UPDATED
ADVISORY IDCVE-2020-15778
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-