NodeJS/ssh2/0.2.23

SSH2 client and server modules written in pure JavaScript for node.js

Repo Link: https://www.npmjs.com/package/ssh2
License: MIT

1 Security Vulnerabilities

OS Command Injection in ssh2

Published date: 2021-09-21T16:50:46Z

CVE: CVE-2020-26301

Links:

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.

Affected versions: ["0.0.0", "0.0.2", "0.1.0", "0.1.3", "0.1.4", "0.1.6", "0.1.7", "0.1.11", "0.1.12", "0.1.13", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.8", "0.2.10", "0.2.11", "0.2.12", "0.2.16", "0.2.18", "0.2.19", "0.2.21", "0.2.22", "0.2.24", "0.3.1", "0.3.2", "0.3.3", "0.3.5", "0.3.6", "0.4.2", "0.4.3", "0.4.7", "0.4.10", "0.4.11", "0.4.12", "0.4.14", "0.4.15", "0.5.0", "0.5.2", "0.6.0", "0.6.1", "0.7.0", "0.8.0", "0.8.4", "0.8.7", "0.8.8", "1.1.0", "1.2.0", "1.3.0", "0.0.1", "0.1.1", "0.1.2", "0.1.5", "0.1.8", "0.1.9", "0.1.10", "0.2.7", "0.2.9", "0.2.13", "0.2.14", "0.2.15", "0.2.17", "0.2.20", "0.2.23", "0.2.25", "0.3.0", "0.3.4", "0.4.0", "0.4.1", "0.4.4", "0.4.5", "0.4.6", "0.4.8", "0.4.9", "0.4.13", "0.5.1", "0.5.3", "0.5.4", "0.5.5", "0.6.2", "0.7.1", "0.7.2", "0.8.1", "0.8.2", "0.8.3", "0.8.5", "0.8.6", "0.8.9", "1.0.0"]

Secure versions: [1.10.0, 1.11.0, 1.12.0, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0]

Recommendation: Update to version 1.16.0.

105 Other Versions

Version	License	Security	Released
0.4.4	MIT	1	2015-02-10 - 05:21	over 10 years
0.4.3	MIT	1	2015-02-08 - 17:36	over 10 years
0.4.2	MIT	1	2015-02-03 - 03:07	over 10 years
0.4.1	MIT	1	2015-02-01 - 23:04	over 10 years
0.4.0	MIT	1	2015-02-01 - 04:11	over 10 years
0.3.6	MIT	1	2014-08-27 - 23:54	almost 11 years
0.3.5	MIT	1	2014-08-17 - 17:10	almost 11 years
0.3.4	MIT	1	2014-07-16 - 13:11	almost 11 years
0.3.3	MIT	1	2014-07-02 - 14:33	about 11 years
0.3.2	MIT	1	2014-06-26 - 14:18	about 11 years
0.3.1	MIT	1	2014-06-26 - 13:50	about 11 years
0.3.0	MIT	1	2014-06-18 - 20:25	about 11 years
0.2.25	MIT	1	2014-05-27 - 13:35	about 11 years
0.2.24	MIT	1	2014-05-24 - 18:24	about 11 years
0.2.23	MIT	1	2014-05-06 - 12:24	about 11 years
0.2.22	MIT	1	2014-04-17 - 03:53	about 11 years
0.2.21	MIT	1	2014-03-29 - 05:02	over 11 years
0.2.20	MIT	1	2014-03-18 - 03:47	over 11 years
0.2.19	MIT	1	2014-03-04 - 16:58	over 11 years
0.2.18	MIT	1	2014-02-25 - 21:59	over 11 years
0.2.17	MIT	1	2014-01-23 - 19:26	over 11 years
0.2.16	MIT	1	2014-01-07 - 15:07	over 11 years
0.2.15	MIT	1	2013-12-31 - 20:15	over 11 years
0.2.14	MIT	1	2013-11-13 - 03:17	over 11 years
0.2.13	MIT	1	2013-11-07 - 14:12	over 11 years
0.2.12	MIT	1	2013-08-08 - 18:04	almost 12 years
0.2.11	MIT	1	2013-07-23 - 14:03	almost 12 years
0.2.10	MIT	1	2013-07-14 - 03:22	almost 12 years
0.2.9	MIT	1	2013-06-14 - 16:52	about 12 years
0.2.8	MIT	1	2013-06-11 - 19:29	about 12 years
0.2.7	MIT	1	2013-05-30 - 16:02	about 12 years
0.2.6	MIT	1	2013-05-28 - 19:40	about 12 years
0.2.5	MIT	1	2013-04-12 - 23:32	about 12 years
0.2.4	MIT	1	2013-04-12 - 15:34	about 12 years
0.2.3	MIT	1	2013-04-04 - 01:07	over 12 years
0.2.2	MIT	1	2013-04-02 - 14:04	over 12 years
0.2.1	MIT	1	2013-03-29 - 05:36	over 12 years
0.2.0	MIT	1	2013-03-27 - 13:31	over 12 years
0.1.13	MIT	1	2013-02-09 - 14:57	over 12 years
0.1.12	MIT	1	2013-01-24 - 14:15	over 12 years
0.1.11	MIT	1	2013-01-12 - 06:33	over 12 years
0.1.10	MIT	1	2013-01-11 - 20:28	over 12 years
0.1.9	MIT	1	2013-01-01 - 00:58	over 12 years
0.1.8	MIT	1	2012-12-13 - 17:52	over 12 years
0.1.7	MIT	1	2012-12-04 - 17:24	over 12 years
0.1.6	MIT	1	2012-12-02 - 02:01	over 12 years
0.1.5	MIT	1	2012-12-01 - 21:40	over 12 years
0.1.4	MIT	1	2012-12-01 - 04:47	over 12 years
0.1.3	MIT	1	2012-11-26 - 23:53	over 12 years
0.1.2	MIT	1	2012-11-25 - 18:12	over 12 years