Skip to content

gix-transport code execution vulnerability

Moderate severity GitHub Reviewed Published Sep 25, 2023 to the GitHub Advisory Database • Updated Sep 25, 2023

Package

cargo gix-transport (Rust)

Affected versions

< 0.36.1

Patched versions

0.36.1

Description

The gix-transport crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading to arbitrary code execution.

PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo'

This will launch a calculator on OSX.

See https://secure.phabricator.com/T12961 for more details on similar vulnerabilities in git.

References

Published to the GitHub Advisory Database Sep 25, 2023
Reviewed Sep 25, 2023
Last updated Sep 25, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-rrjw-j4m2-mf34

Source code

Checking history
See something to contribute? Suggest improvements for this vulnerability.