huntr.dev - Code Injection

[huntr-helper]

This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)

Vulnerability Description

Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks. The issue arises here: https://github.com/ecto/node-scp/blob/master/scp.js#L22

Bug Bounty

We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded 💰? Go to https://huntr.dev/