CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2019-6110 — MEDIUM severity vulnerability | Release Alert
CVE-2019-6110
6.8
MEDIUMCVSS v3
Published
January 31, 2019
CVSS v2
4 MEDIUM
Affected
2 projects
Assigned by
MITRE
Severity scale
010
Description
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
GitHubWinSCP is a popular free file manager for Windows supporting SFTP, FTP, FTPS, SCP, S3, WebDAV and local-to-local file transfers. A powerful tool to enhance your productivity with a user-friendly interface and automation options like .NET assembly.
NuGet GalleryThe WinSCP .NET assembly is a .NET wrapper around WinSCP’s scripting interface that allows your code to connect to a remote machine and manipulate remote files over SFTP, FTP, WebDAV, S3 and SCP sessions.
The library is primarily intended for advanced automation tasks on Microsoft Windows that require conditional processing, loops or other control structures for which the basic scripting interface is too limited. The library is not a general purpose file transfer library. It particularly has a limited support for an interactive processing, and as such it is not well suited for use in GUI applications. For the same reason it is also difficult to use the assembly within a restricted environment like a web server, that limits or even restricts execution of external processes.
For documentation and examples of use, see project website.
The NuGet package includes the assembly itself and a required WinSCP executable. When installed, it adds the assembly as reference to your project and sets up WinSCP executable to be copied to project output directory, so that it can be found on run-time.