CVE-2020-26301CRITICALCVSS 10.0fixed in 1.4.02021-09-20
CVE-2020-26301 [CRITICAL] CWE-78 CVE-2020-26301: ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
cvelistv5nvd