CVE-2020-26301
published 2021-09-20CVE-2020-26301: ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue…
PriorityP266critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
3.83%
88.8th percentile
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mscdex | ssh2 | < 1.4.0 | 1.4.0 |
| ssh | ssh2 | >= 0 < 1.4.0 | 1.4.0 |
| ssh2_project | ssh2 | < 1.4.0 | 1.4.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability exists only on Windows platforms in the ssh2 Node.js library before version 1.4.0; detection should focus on Windows hosts running vulnerable ssh2 versions ↗
- →Flag use of ssh2 npm package versions prior to 1.4.0 on Windows nodes, particularly in OpenShift/NooBaa deployments ↗
- →Monitor noobaa-core-container in Red Hat OpenShift Data Foundation 4 environments for exploitation attempts, as it is a confirmed affected package ↗
- ·Exploitation is Windows-only; Linux/macOS deployments of ssh2 are not affected by this command injection vector ↗
- ·The vulnerability is triggered only when a caller passes untrusted input to the specific vulnerable method; safe/trusted input usage is not exploitable ↗
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
OS Command Injection in ssh2
osv·2021-09-21
CVE-2020-26301 [HIGH] OS Command Injection in ssh2
OS Command Injection in ssh2
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
GHSA
OS Command Injection in ssh2
ghsa·2021-09-21
CVE-2020-26301 [HIGH] CWE-78 OS Command Injection in ssh2
OS Command Injection in ssh2
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
Red Hat
nodejs-ssh2: Command injection by calling vulnerable method with untrusted input
vendor_redhat·2021-09-20·CVSS 7.5
CVE-2020-26301 [HIGH] CWE-78 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input
nodejs-ssh2: Command injection by calling vulnerable method with untrusted input
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
A flaw was found in nodejs-ssh2. An OS command injection attack on Windows allows an attacker to perform remote code execution and potentially execute arbitrary code. The highest threat from this vulnerability is to confidentiality and integrity.
Statement: This issue affects ssh2 as shipped with all versions of Red Hat Openshift Container Storage and Red Hat Openshift Data Foun
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/https://www.npmjs.com/package/ssh2https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/https://www.npmjs.com/package/ssh2
2021-09-20
Published