Chinmay Pandya

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions through 8.3p1 OpenSSH (affected versions not specified) is also mentioned in relation to other products, but the primary focus is on OpenSSH through 8.3p1. **Description** The issue allows command injection in the `scp.c` `toremove` function, as demonstrated by backtick characters in the destination argument. This could potentially allow a remote attacker to execute arbitrary commands. The vendor has reportedly stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." **Recommendations** For OpenSSH versions through 8.3p1: Consider disabling the `toremove` function in `scp.c` until a patch is available, or restrict the use of backtick characters in the destination argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.