ALPINE-CVE-2020-15778

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2020-15778

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-15778.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2020-15778

Upstream

CVE-2020-15778

Published

2020-07-24T14:15:12.450Z

Modified

2025-12-03T22:46:42.084253Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

References

https://security.alpinelinux.org/vuln/CVE-2020-15778

Affected packages

Alpine:v3.19 / openssh

Package

Name: openssh
Purl: pkg:apk/alpine/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.3_p1-r0

Affected versions

5.*

5.1p1-r0

5.1_p1-r1

5.1_p1-r2

5.2_p1-r0

5.2_p1-r1

5.2_p1-r2

5.2_p1-r3

5.3_p1-r3

5.4_p1-r0

5.4_p1-r1

5.4_p1-r2

5.4_p1-r3

5.5_p1-r0

5.6_p1-r0

5.6_p1-r1

5.8_p1-r0

5.8_p1-r1

5.8_p1-r2

5.8_p2-r0

5.8_p2-r1

5.8_p2-r2

5.9_p1-r0

5.9_p1-r1

5.9_p1-r2

6.*

6.0_p1-r0

6.1_p1-r0

6.1_p1-r1

6.1_p1-r2

6.2_p1-r0

6.2_p2-r0

6.2_p2-r1

6.2_p2-r2

6.3_p1-r0

6.3_p1-r1

6.3_p1-r2

6.4_p1-r0

6.4_p1-r1

6.6_p1-r0

6.6_p1-r1

6.6_p1-r2

6.6_p1-r3

6.6_p1-r4

6.6_p1-r5

6.6_p1-r6

6.7_p1-r0

6.8_p1-r0

6.8_p1-r1

6.8_p1-r2

6.9_p1-r0

6.9_p1-r1

6.9_p1-r2

6.9_p1-r3

6.9_p1-r4

6.9_p1-r5

7.*

7.1_p1-r0

7.1_p1-r1

7.1_p2-r0

7.2_p1-r0

7.2_p2-r0

7.2_p2-r1

7.3_p1-r0

7.3_p1-r1

7.3_p1-r2

7.4_p1-r0

7.4_p1-r1

7.4_p1-r2

7.5_p1-r0

7.5_p1-r1

7.5_p1-r2

7.5_p1-r3

7.5_p1-r4

7.5_p1-r5

7.5_p1-r6

7.5_p1-r7

7.5_p1-r8

7.6_p1-r0

7.6_p1-r1

7.7_p1-r0

7.7_p1-r1

7.7_p1-r2

7.7_p1-r3

7.7_p1-r4

7.8_p1-r0

7.9_p1-r0

7.9_p1-r1

7.9_p1-r2

7.9_p1-r3

7.9_p1-r4

7.9_p1-r5

8.*

8.0_p1-r0

8.0_p1-r1

8.0_p1-r2

8.1_p1-r0

8.2_p1-r0

Alpine:v3.20 / openssh

Package

Name: openssh
Purl: pkg:apk/alpine/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.3_p1-r0

Affected versions

5.*

5.1p1-r0

5.1_p1-r1

5.1_p1-r2

5.2_p1-r0

5.2_p1-r1

5.2_p1-r2

5.2_p1-r3

5.3_p1-r3

5.4_p1-r0

5.4_p1-r1

5.4_p1-r2

5.4_p1-r3

5.5_p1-r0

5.6_p1-r0

5.6_p1-r1

5.8_p1-r0

5.8_p1-r1

5.8_p1-r2

5.8_p2-r0

5.8_p2-r1

5.8_p2-r2

5.9_p1-r0

5.9_p1-r1

5.9_p1-r2

6.*

6.0_p1-r0

6.1_p1-r0

6.1_p1-r1

6.1_p1-r2

6.2_p1-r0

6.2_p2-r0

6.2_p2-r1

6.2_p2-r2

6.3_p1-r0

6.3_p1-r1

6.3_p1-r2

6.4_p1-r0

6.4_p1-r1

6.6_p1-r0

6.6_p1-r1

6.6_p1-r2

6.6_p1-r3

6.6_p1-r4

6.6_p1-r5

6.6_p1-r6

6.7_p1-r0

6.8_p1-r0

6.8_p1-r1

6.8_p1-r2

6.9_p1-r0

6.9_p1-r1

6.9_p1-r2

6.9_p1-r3

6.9_p1-r4

6.9_p1-r5

7.*

7.1_p1-r0

7.1_p1-r1

7.1_p2-r0

7.2_p1-r0

7.2_p2-r0

7.2_p2-r1

7.3_p1-r0

7.3_p1-r1

7.3_p1-r2

7.4_p1-r0

7.4_p1-r1

7.4_p1-r2

7.5_p1-r0

7.5_p1-r1

7.5_p1-r2

7.5_p1-r3

7.5_p1-r4

7.5_p1-r5

7.5_p1-r6

7.5_p1-r7

7.5_p1-r8

7.6_p1-r0

7.6_p1-r1

7.7_p1-r0

7.7_p1-r1

7.7_p1-r2

7.7_p1-r3

7.7_p1-r4

7.8_p1-r0

7.9_p1-r0

7.9_p1-r1

7.9_p1-r2

7.9_p1-r3

7.9_p1-r4

7.9_p1-r5

8.*

8.0_p1-r0

8.0_p1-r1

8.0_p1-r2

8.1_p1-r0

8.2_p1-r0

Alpine:v3.21 / openssh

Package

Name: openssh
Purl: pkg:apk/alpine/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.3_p1-r0

Affected versions

5.*

5.1p1-r0

5.1_p1-r1

5.1_p1-r2

5.2_p1-r0

5.2_p1-r1

5.2_p1-r2

5.2_p1-r3

5.3_p1-r3

5.4_p1-r0

5.4_p1-r1

5.4_p1-r2

5.4_p1-r3

5.5_p1-r0

5.6_p1-r0

5.6_p1-r1

5.8_p1-r0

5.8_p1-r1

5.8_p1-r2

5.8_p2-r0

5.8_p2-r1

5.8_p2-r2

5.9_p1-r0

5.9_p1-r1

5.9_p1-r2

6.*

6.0_p1-r0

6.1_p1-r0

6.1_p1-r1

6.1_p1-r2

6.2_p1-r0

6.2_p2-r0

6.2_p2-r1

6.2_p2-r2

6.3_p1-r0

6.3_p1-r1

6.3_p1-r2

6.4_p1-r0

6.4_p1-r1

6.6_p1-r0

6.6_p1-r1

6.6_p1-r2

6.6_p1-r3

6.6_p1-r4

6.6_p1-r5

6.6_p1-r6

6.7_p1-r0

6.8_p1-r0

6.8_p1-r1

6.8_p1-r2

6.9_p1-r0

6.9_p1-r1

6.9_p1-r2

6.9_p1-r3

6.9_p1-r4

6.9_p1-r5

7.*

7.1_p1-r0

7.1_p1-r1

7.1_p2-r0

7.2_p1-r0

7.2_p2-r0

7.2_p2-r1

7.3_p1-r0

7.3_p1-r1

7.3_p1-r2

7.4_p1-r0

7.4_p1-r1

7.4_p1-r2

7.5_p1-r0

7.5_p1-r1

7.5_p1-r2

7.5_p1-r3

7.5_p1-r4

7.5_p1-r5

7.5_p1-r6

7.5_p1-r7

7.5_p1-r8

7.6_p1-r0

7.6_p1-r1

7.7_p1-r0

7.7_p1-r1

7.7_p1-r2

7.7_p1-r3

7.7_p1-r4

7.8_p1-r0

7.9_p1-r0

7.9_p1-r1

7.9_p1-r2

7.9_p1-r3

7.9_p1-r4

7.9_p1-r5

8.*

8.0_p1-r0

8.0_p1-r1

8.0_p1-r2

8.1_p1-r0

8.2_p1-r0

Alpine:v3.22 / openssh

Package

Name: openssh
Purl: pkg:apk/alpine/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.3_p1-r0

Affected versions

5.*

5.1p1-r0

5.1_p1-r1

5.1_p1-r2

5.2_p1-r0

5.2_p1-r1

5.2_p1-r2

5.2_p1-r3

5.3_p1-r3

5.4_p1-r0

5.4_p1-r1

5.4_p1-r2

5.4_p1-r3

5.5_p1-r0

5.6_p1-r0

5.6_p1-r1

5.8_p1-r0

5.8_p1-r1

5.8_p1-r2

5.8_p2-r0

5.8_p2-r1

5.8_p2-r2

5.9_p1-r0

5.9_p1-r1

5.9_p1-r2

6.*

6.0_p1-r0

6.1_p1-r0

6.1_p1-r1

6.1_p1-r2

6.2_p1-r0

6.2_p2-r0

6.2_p2-r1

6.2_p2-r2

6.3_p1-r0

6.3_p1-r1

6.3_p1-r2

6.4_p1-r0

6.4_p1-r1

6.6_p1-r0

6.6_p1-r1

6.6_p1-r2

6.6_p1-r3

6.6_p1-r4

6.6_p1-r5

6.6_p1-r6

6.7_p1-r0

6.8_p1-r0

6.8_p1-r1

6.8_p1-r2

6.9_p1-r0

6.9_p1-r1

6.9_p1-r2

6.9_p1-r3

6.9_p1-r4

6.9_p1-r5

7.*

7.1_p1-r0

7.1_p1-r1

7.1_p2-r0

7.2_p1-r0

7.2_p2-r0

7.2_p2-r1

7.3_p1-r0

7.3_p1-r1

7.3_p1-r2

7.4_p1-r0

7.4_p1-r1

7.4_p1-r2

7.5_p1-r0

7.5_p1-r1

7.5_p1-r2

7.5_p1-r3

7.5_p1-r4

7.5_p1-r5

7.5_p1-r6

7.5_p1-r7

7.5_p1-r8

7.6_p1-r0

7.6_p1-r1

7.7_p1-r0

7.7_p1-r1

7.7_p1-r2

7.7_p1-r3

7.7_p1-r4

7.8_p1-r0

7.9_p1-r0

7.9_p1-r1

7.9_p1-r2

7.9_p1-r3

7.9_p1-r4

7.9_p1-r5

8.*

8.0_p1-r0

8.0_p1-r1

8.0_p1-r2

8.1_p1-r0

8.2_p1-r0

Alpine:v3.23 / openssh

Package

Name: openssh
Purl: pkg:apk/alpine/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.3_p1-r0

Affected versions

5.*

5.1p1-r0

5.1_p1-r1

5.1_p1-r2

5.2_p1-r0

5.2_p1-r1

5.2_p1-r2

5.2_p1-r3

5.3_p1-r3

5.4_p1-r0

5.4_p1-r1

5.4_p1-r2

5.4_p1-r3

5.5_p1-r0

5.6_p1-r0

5.6_p1-r1

5.8_p1-r0

5.8_p1-r1

5.8_p1-r2

5.8_p2-r0

5.8_p2-r1

5.8_p2-r2

5.9_p1-r0

5.9_p1-r1

5.9_p1-r2

6.*

6.0_p1-r0

6.1_p1-r0

6.1_p1-r1

6.1_p1-r2

6.2_p1-r0

6.2_p2-r0

6.2_p2-r1

6.2_p2-r2

6.3_p1-r0

6.3_p1-r1

6.3_p1-r2

6.4_p1-r0

6.4_p1-r1

6.6_p1-r0

6.6_p1-r1

6.6_p1-r2

6.6_p1-r3

6.6_p1-r4

6.6_p1-r5

6.6_p1-r6

6.7_p1-r0

6.8_p1-r0

6.8_p1-r1

6.8_p1-r2

6.9_p1-r0

6.9_p1-r1

6.9_p1-r2

6.9_p1-r3

6.9_p1-r4

6.9_p1-r5

7.*

7.1_p1-r0

7.1_p1-r1

7.1_p2-r0

7.2_p1-r0

7.2_p2-r0

7.2_p2-r1

7.3_p1-r0

7.3_p1-r1

7.3_p1-r2

7.4_p1-r0

7.4_p1-r1

7.4_p1-r2

7.5_p1-r0

7.5_p1-r1

7.5_p1-r2

7.5_p1-r3

7.5_p1-r4

7.5_p1-r5

7.5_p1-r6

7.5_p1-r7

7.5_p1-r8

7.6_p1-r0

7.6_p1-r1

7.7_p1-r0

7.7_p1-r1

7.7_p1-r2

7.7_p1-r3

7.7_p1-r4

7.8_p1-r0

7.9_p1-r0

7.9_p1-r1

7.9_p1-r2

7.9_p1-r3

7.9_p1-r4

7.9_p1-r5

8.*

8.0_p1-r0

8.0_p1-r1

8.0_p1-r2

8.1_p1-r0

8.2_p1-r0