Pekka Pessi

**Name of the Vulnerable Software and Affected Versions** scponly versions 4.1 and earlier **Description** The issue allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered, when both scp and rsync compatibility are enabled. Multiple vulnerabilities in the scponly package can lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For scponly versions 4.1 and earlier, update to version 4.2 or later to resolve the issue. As a temporary workaround, consider disabling the scp and rsync compatibility features until a patch is available. Restrict access to the `getopt` style argument specifications to minimize the risk of exploitation.