A set of 36-year-old vulnerabilities have been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications. The vulnerabilities exist due to poor validations performed by the SCP clients, which can be abused by malicious servers or man-in-the-middle attackers to drop or overwrite arbitrary files on the client’s system. All SCP client applications, including OpenSSH, PuTTY, and WinSCP, which uses SCP as a standard to transfer files are affected.
Source: https://thehackernews.com/2019/01/scp-software-vulnerabilities.html