CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2018-20684 — MEDIUM severity vulnerability | Release Alert
CVE-2018-20684
6.4
MEDIUMCVSS v2
Published
January 10, 2019
Affected
2 projects
Assigned by
MITRE
Severity scale
010
Description
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
GitHubWinSCP is a popular free file manager for Windows supporting SFTP, FTP, FTPS, SCP, S3, WebDAV and local-to-local file transfers. A powerful tool to enhance your productivity with a user-friendly interface and automation options like .NET assembly.
NuGet GalleryThe WinSCP .NET assembly is a .NET wrapper around WinSCP’s scripting interface that allows your code to connect to a remote machine and manipulate remote files over SFTP, FTP, WebDAV, S3 and SCP sessions.
The library is primarily intended for advanced automation tasks on Microsoft Windows that require conditional processing, loops or other control structures for which the basic scripting interface is too limited. The library is not a general purpose file transfer library. It particularly has a limited support for an interactive processing, and as such it is not well suited for use in GUI applications. For the same reason it is also difficult to use the assembly within a restricted environment like a web server, that limits or even restricts execution of external processes.
For documentation and examples of use, see project website.
The NuGet package includes the assembly itself and a required WinSCP executable. When installed, it adds the assembly as reference to your project and sets up WinSCP executable to be copied to project output directory, so that it can be found on run-time.