Security Advisory

CVE-2021-3331

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-27 20:22:25

Last updated 2024-08-03 16:53:17

Assigner mitre

State PUBLISHED

Description

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)

← Browse all CVEs View on cve.org ↗