Unrated severityNVD Advisory· Published Jan 27, 2021· Updated Aug 3, 2024
CVE-2021-3331
CVE-2021-3331
Description
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WinSCP/WinSCPdescription
Patches
Vulnerability mechanics
References
4- github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688dmitrex_refsource_MISC
- winscp.net/eng/docs/historymitrex_refsource_MISC
- winscp.net/eng/docs/rawsettingsmitrex_refsource_MISC
- winscp.net/tracker/1943mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.