Vinci

#49994 of 53,630
4.8 Total CVSS
Vulnerabilities · 1
PT-2023-8206
4.8
2023-12-18
Libssh · Libssh · CVE-2023-6004
**Name of the Vulnerable Software and Affected Versions**

- libssh (affected versions not specified)
- OpenSSH versions prior to 9.6p1
- libssh versions prior to 0.10.6 and 0.9.8

**Description**

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the `hostname` parameter. The vulnerability is related to the incorrect control of code generation in the ProxyCommand/ProxyJump component of the libssh library.

**Recommendations**

For libssh versions prior to 0.10.6 and 0.9.8, update to version 0.10.6 or 0.9.8 to resolve the issue. For OpenSSH versions prior to 9.6p1, update to version 9.6p1 to resolve the issue. As a temporary workaround, consider restricting the use of the ProxyCommand and ProxyJump features until a patch is available. Avoid using the `hostname` parameter in the affected API endpoints until the issue is resolved.