GHSA-rrjw-j4m2-mf34

Suggest an improvement
Source
https://github.com/advisories/GHSA-rrjw-j4m2-mf34
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-rrjw-j4m2-mf34/GHSA-rrjw-j4m2-mf34.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rrjw-j4m2-mf34
Aliases
Published
2023-09-25T20:21:16Z
Modified
2024-09-04T17:18:37Z
Summary
gix-transport code execution vulnerability
Details

The gix-transport crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading to arbitrary code execution.

PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo'

This will launch a calculator on OSX.

See https://secure.phabricator.com/T12961 for more details on similar vulnerabilities in git.

Thanks for vin01 for disclosing this issue.

References

Affected packages

crates.io / gix-transport

Package

Name
gix-transport
View open source insights on deps.dev
Purl
pkg:cargo/gix-transport

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.36.1