2019-02-04 21:00:00
mitre
PUBLISHED
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.