NodeJS/ssh2/0.5.5

SSH2 client and server modules written in pure JavaScript for node.js

Repo Link: https://www.npmjs.com/package/ssh2
License: MIT

1 Security Vulnerabilities

OS Command Injection in ssh2

Published date: 2021-09-21T16:50:46Z

CVE: CVE-2020-26301

Links:

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.

Affected versions: ["0.0.0", "0.0.1", "0.0.2", "0.1.0", "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.1.10", "0.1.11", "0.1.12", "0.1.13", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.2.16", "0.2.17", "0.2.18", "0.2.19", "0.2.20", "0.2.21", "0.2.22", "0.2.23", "0.2.24", "0.2.25", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4", "0.4.5", "0.4.6", "0.4.7", "0.4.8", "0.4.9", "0.4.10", "0.4.11", "0.4.12", "0.4.13", "0.4.14", "0.4.15", "0.5.0", "0.5.1", "0.5.2", "0.5.3", "0.5.4", "0.5.5", "0.6.0", "0.6.1", "0.6.2", "0.7.0", "0.7.1", "0.7.2", "0.8.0", "0.8.1", "0.8.2", "0.8.3", "0.8.4", "0.8.5", "0.8.6", "0.8.7", "0.8.8", "0.8.9", "1.0.0", "1.1.0", "1.2.0", "1.3.0"]

Secure versions: [1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.13.0, 1.14.0, 1.15.0]

Recommendation: Update to version 1.15.0.

104 Other Versions

Version	License	Security	Released
0.1.0	MIT	1	2012-11-18 - 22:36	over 11 years
0.0.2	MIT	1	2012-11-15 - 14:16	over 11 years
0.0.1	MIT	1	2012-11-11 - 23:02	over 11 years
0.0.0	MIT	1	2012-08-03 - 08:52	over 11 years