omarandstuff / desplega

Automate with JS
MIT License

Injection vulnerability in ssh2 before version 1.4.0 #3

Open alexesba opened 8 months ago

alexesba commented 8 months ago

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.

omarandstuff commented 8 months ago

Hey @alexesba, time no see. Are you using this package? I haven't used it in forever. If you need this patch I will happily upgrade it!
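
A dependency check for the advisory quoted in this issue, as an added example that is not part of the thread or of desplega's code: it scans a parsed package-lock.json for installed copies of ssh2 older than 1.4.0. The sample lockfile, the package name `sftp-tool` and the function names are constructed for illustration.

```javascript
// Added example: report ssh2 installs older than 1.4.0 in a parsed package-lock.json.
const FIXED = [1, 4, 0]; // first fixed ssh2 release, per the issue text

// True when a version string sorts before the fixed release.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(String(version));
  if (!m) return true; // git URL, link or missing version: flag for manual review
  const nums = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  return Boolean(m[4]); // a pre-release such as 1.4.0-rc.1 sorts before 1.4.0
}

// Returns [{ path, version }] for every affected ssh2 copy, direct or transitive.
function findAffectedSsh2(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // endsWith on the full segment avoids matching ssh2-streams or scoped packages.
    if (path.endsWith("node_modules/ssh2") && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists,
  // because version 2 lockfiles carry both and would report duplicates).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "ssh2" && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (hypothetical project and package names).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "0.0.1" },
    "node_modules/ssh2": { version: "0.8.9" },
    "node_modules/ssh2-streams": { version: "0.4.10" },
    "node_modules/sftp-tool/node_modules/ssh2": { version: "1.4.0" },
  },
};
console.log(findAffectedSsh2(sampleLock));
```

In a real project, pass the result of `JSON.parse` on the project's package-lock.json to `findAffectedSsh2`.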