VanDyke Software VShell for Windows Virtual Roots SFTP Directory Traversal
Risk assessment: Medium
Posted: February 1, 2022
With some SFTP clients, an authenticated user could send a maliciously crafted path to VShell on Windows that would allow access to the file system outside the virtual root folder(s), causing folder access to be restricted only by NTFS permissions.
Products Not Affected
VShell for Windows: versions 3.0.4 and earlier
VShell for Windows: versions 4.6.3 and newer
VShell for Unix, Linux, and Mac: all versions
VShell for Windows: versions from 3.5.0 through 4.6.2
Here you can control cookies using the checkboxes below. Some cookies are essential for the use of our website and cannot be disabled. Others provide a convenience to the user and, if disabled, may reduce the ease of use of our site. Finally, some cookies provide anonymous analytic tracking data that help us provide the user with a richer browsing experience. You can elect to disable these cookies as well.