{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T07:05:39.532","vulnerabilities":[{"cve":{"id":"CVE-2020-26301","sourceIdentifier":"security-advisories@github.com","published":"2021-09-20T20:15:11.513","lastModified":"2024-11-21T05:19:48.493","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0."},{"lang":"es","value":"ssh2 es un módulo cliente y servidor escrito en JavaScript puro para node.js. En ssh2 versiones anteriores a 1.4.0, se presenta una vulnerabilidad de inyección de comandos. El problema sólo se presenta en Windows. Este problema puede conllevar una ejecución de código remota si un cliente de la biblioteca llama al método vulnerable con una entrada no fiable. Esto es corregido en la versión 1.4.0"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.4.0","matchCriteriaId":"9A046B48-27ED-41C9-876A-07D1CC226B4A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://www.npmjs.com/package/ssh2","source":"security-advisories@github.com","tags":["Product","Third Party Advisory"]},{"url":"https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://www.npmjs.com/package/ssh2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]}]}}]}