CVE-2024-52308

Name of the Vulnerable Software and Affected Versions: GitHub CLI versions 2.6.1 and earlier

Description: The issue is related to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This occurs when a malicious third-party devcontainer contains a modified SSH server that injects ssh arguments within the SSH connection details, allowing arbitrary code execution on the user's workstation if the remote username contains something like -oProxyCommand="echo hacked" #. The -oProxyCommand flag causes ssh to execute the provided command while # shell comment causes any other ssh arguments to be ignored. In version 2.62.0, the remote username information is being validated before being used.

Recommendations: Upgrade to version 2.62.0 to fix the issue. As a temporary workaround, consider validating the remote username information before using it in ssh commands. Exercise caution when using custom devcontainer images, prefer default or pre-built devcontainers from trusted sources.