VYPR

npm package

ssh2

pkg:npm/ssh2

Vulnerabilities (1)

  • CVE-2020-26301HigSep 20, 2021
    affected < 1.4.0fixed 1.4.0

    ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method