gix-transport code execution vulnerability

Moderate severity GitHub Reviewed Published Sep 25, 2023 to the GitHub Advisory Database • Updated Jul 8, 2024

Package

cargo gix-transport (Rust)

Affected versions

< 0.36.1

Patched versions

0.36.1

Description

The gix-transport crate prior to the patched version 0.36.1 passes the host component of an ssh clone URL to the ssh program as a positional argument without checking it. A host that begins with "-" is therefore parsed by ssh as an option, so a malicious ssh clone URL can inject arbitrary ssh arguments, including -oProxyCommand=..., which makes ssh run an attacker-chosen command on the client and leads to arbitrary code execution.

PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo'

This will launch a calculator on macOS: the host component -oProxyCommand=open$IFS-aCalculator is read by ssh as -o ProxyCommand=open$IFS-aCalculator, ProxyCommand is executed through the shell, and $IFS expands to whitespace there, so the command that runs is open -a Calculator. The same shape works for any command on any platform where ssh is OpenSSH.

See https://secure.phabricator.com/T12961 for more details on similar vulnerabilities in git.

Thanks to vin01 for disclosing this issue.
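The following is an added, self-contained Rust example written for this page; it is not gix-transport's code or its actual fix. It parses an ssh clone URL, shows how building ssh's argv directly from the URL puts the PoC host into the option position, and then applies the kind of check git adopted for the issue tracked at the phabricator link above (reject a user or host that starts with "-"). The names SshTarget, parse_ssh_url, ssh_argv_unchecked and ssh_argv are assumptions of this example.

```rust
// Added example, not gix-transport's code. It reproduces the bug class
// behind this advisory: an ssh clone URL whose host (or user) component
// begins with '-' becomes a positional argument to ssh, where ssh parses
// it as an option such as -oProxyCommand=..., which runs a shell command
// on the client. All names below are assumptions of this example.

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SshTarget {
    pub user: Option<String>,
    pub host: String,
    pub port: Option<u16>,
    pub path: String,
}

/// Parse `ssh://[user@]host[:port]/path`. Deliberately does no safety
/// checks, so it accepts the advisory's PoC URL as a perfectly valid
/// target (bracketed IPv6 hosts are out of scope here).
pub fn parse_ssh_url(url: &str) -> Result<SshTarget, String> {
    let rest = url
        .strip_prefix("ssh://")
        .ok_or_else(|| format!("not an ssh:// URL: {url}"))?;
    let slash = rest.find('/').ok_or("missing path component")?;
    let (authority, path) = rest.split_at(slash);
    let (user, hostport) = match authority.rsplit_once('@') {
        Some((u, h)) => (Some(u.to_string()), h),
        None => (None, authority),
    };
    let (host, port) = match hostport.rsplit_once(':') {
        Some((h, p)) => (h, Some(p.parse::<u16>().map_err(|e| e.to_string())?)),
        None => (hostport, None),
    };
    if host.is_empty() {
        return Err("empty host".into());
    }
    Ok(SshTarget { user, host: host.to_string(), port, path: path.to_string() })
}

/// The vulnerable shape: ssh's argv is built straight from the parsed URL.
/// With the PoC URL the host lands at argv[1], which ssh treats as an option.
pub fn ssh_argv_unchecked(t: &SshTarget, remote_cmd: &str) -> Vec<String> {
    let mut argv = vec!["ssh".to_string()];
    if let Some(p) = t.port {
        argv.push("-p".into());
        argv.push(p.to_string());
    }
    let dest = match &t.user {
        Some(u) => format!("{u}@{}", t.host),
        None => t.host.clone(),
    };
    argv.push(dest);
    argv.push(remote_cmd.to_string());
    argv.push(t.path.clone());
    argv
}

/// Hardened variant: refuse a user or host that ssh would parse as an
/// option. The path is not checked here because it is passed after the
/// remote command, not to ssh itself; a real client should validate it
/// against the remote command's option syntax as well.
pub fn ssh_argv(t: &SshTarget, remote_cmd: &str) -> Result<Vec<String>, String> {
    if t.host.starts_with('-') {
        return Err(format!("refusing ssh host that looks like an option: {}", t.host));
    }
    if let Some(u) = &t.user {
        if u.starts_with('-') {
            return Err(format!("refusing ssh user that looks like an option: {u}"));
        }
    }
    Ok(ssh_argv_unchecked(t, remote_cmd))
}

fn main() {
    // The advisory's PoC URL: parses cleanly, and the unchecked builder puts
    // "-oProxyCommand=open$IFS-aCalculator" where ssh reads options.
    let poc = "ssh://-oProxyCommand=open$IFS-aCalculator/foo";
    let t = parse_ssh_url(poc).expect("PoC URL parses");
    println!("unchecked argv: {:?}", ssh_argv_unchecked(&t, "git-upload-pack"));
    println!("hardened:       {:?}", ssh_argv(&t, "git-upload-pack"));
}
```

Run it with cargo and compare the two lines: the unchecked argv is exactly what an OpenSSH client would parse as -o ProxyCommand=..., while the hardened builder returns an error before any process is spawned. Rejecting a leading "-" is the minimal check; an alternative is to pass the host only after an explicit "--" so ssh stops option parsing, but that relies on the ssh implementation honouring "--".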

References

Published to the GitHub Advisory Database Sep 25, 2023
Reviewed Sep 25, 2023
Last updated Jul 8, 2024

Severity

Moderate

CVE ID

No known CVE

GHSA ID

GHSA-rrjw-j4m2-mf34
