In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. https://nvd.nist.gov/vuln/detail/CVE-2018-20685