CVE-2021-3331

Q: What is CVE-2021-3331?

CVE-2021-3331 is a vulnerability in WinSCP before version 5.17.10 that allows remote attackers to execute arbitrary programs by exploiting a crafted URL that loads session settings.

Q: How severe is CVE-2021-3331?

CVE-2021-3331 has a severity rating of 9.8 (critical).

Q: How does CVE-2021-3331 affect WinSCP?

CVE-2021-3331 affects WinSCP versions prior to 5.17.10.

Q: How can I fix CVE-2021-3331?

To fix CVE-2021-3331, you should update WinSCP to version 5.17.10 or later.

Q: Are there any references related to CVE-2021-3331?

Yes, you can find more information about CVE-2021-3331 at the following references: [GitHub Commit](https://github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688d), [Version History](https://winscp.net/eng/docs/history#5.17.10), [Raw Settings](https://winscp.net/eng/docs/rawsettings).

Published Jan 27, 2021

Updated

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)

Affected Software

1 affected component

WinSCP WinSCP<5.17.10

Remediation

Patch Available

https://github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688d

Patch Available

https://winscp.net/tracker/1943

Event History

Jan 27, 2021

CVE Published

via MITRE·08:22 PM

Data Sourced

via MITRE·08:22 PM

Description

Frequently Asked Questions

What is CVE-2021-3331?

CVE-2021-3331 is a vulnerability in WinSCP before version 5.17.10 that allows remote attackers to execute arbitrary programs by exploiting a crafted URL that loads session settings.

How severe is CVE-2021-3331?

CVE-2021-3331 has a severity rating of 9.8 (critical).

How does CVE-2021-3331 affect WinSCP?

CVE-2021-3331 affects WinSCP versions prior to 5.17.10.

How can I fix CVE-2021-3331?

To fix CVE-2021-3331, you should update WinSCP to version 5.17.10 or later.

Are there any references related to CVE-2021-3331?

Yes, you can find more information about CVE-2021-3331 at the following references: [GitHub Commit](https://github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688d), [Version History](https://winscp.net/eng/docs/history#5.17.10), [Raw Settings](https://winscp.net/eng/docs/rawsettings).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2021-3331

Affected Software

Remediation

Patch Available

Patch Available

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is CVE-2021-3331?

How severe is CVE-2021-3331?

How does CVE-2021-3331 affect WinSCP?

How can I fix CVE-2021-3331?

Are there any references related to CVE-2021-3331?

Company

Resources

Contact