VanDyke Software

Security Advisory

Security Advisory

VanDyke Software VShell for Windows Virtual Roots SFTP Directory Traversal

Risk assessment: Medium

Posted: February 1, 2022


With some SFTP clients, an authenticated user could send a maliciously crafted path to VShell on Windows that would allow access to the file system outside the virtual root folder(s), causing folder access to be restricted only by NTFS permissions.

Products Not Affected

  • VShell for Windows: versions 3.0.4 and earlier
  • VShell for Windows: versions 4.6.3 and newer
  • VShell for Unix, Linux, and Mac: all versions

Products Affected

  • VShell for Windows: versions from 3.5.0 through 4.6.2

Recommended Solution

Upgrade to VShell 4.6.3 or newer on Windows

Vulnerability Fix Downloads

Revision History

February 1, 2022 – Security Advisory Published

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.