GHSA-rrjw-j4m2-mf34

Source

https://github.com/advisories/GHSA-rrjw-j4m2-mf34

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-rrjw-j4m2-mf34/GHSA-rrjw-j4m2-mf34.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rrjw-j4m2-mf34

Aliases

RUSTSEC-2023-0064

Published

2023-09-25T20:21:16Z

Modified

2024-09-04T17:18:37Z

Summary

gix-transport code execution vulnerability

Details

The gix-transport crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading to arbitrary code execution.

PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo'

This will launch a calculator on OSX.

See https://secure.phabricator.com/T12961 for more details on similar vulnerabilities in git.

Thanks for vin01 for disclosing this issue.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-88"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-25T20:21:16Z"
}

References

Affected packages

crates.io / gix-transport

Package

Name: gix-transport; View open source insights on deps.dev
Purl: pkg:cargo/gix-transport

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.36.1