PT-2025-31032 · Unknown · Gix-Transport

Published 2023-09-23 · Updated 2025-07-28 · CVE-2023-53158

CVSS v3.1: 4.1 Medium

Vector: AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

gix-transport crate versions prior to 0.36.1

Description

The gix-transport crate contains a flaw that allows command execution through a crafted input string during a clone operation. Specifically, the vulnerability is triggered by the “gix clone 'ssh://-oProxyCommand=open$IFS” substring. This issue was identified before a similar vulnerability (CVE-2024-32884) involving a username field, which is considered more difficult to exploit.

Recommendations

Update the gix-transport crate to version 0.36.1 or later.
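
The description above is an argument-injection case: a host beginning with "-" is read by ssh as an option instead of a destination. The following is an added example, not code from gix-transport or its fix, showing one way a caller can refuse such URLs before spawning ssh; the names ssh_argv and Rejected are hypothetical, and it assumes plain ssh://[user@]host[:port]/path URLs (no IPv6 literals, no scp-style syntax).

```rust
// Added example, not gix-transport code; names are hypothetical, IPv6 literals unsupported.
#[derive(Debug, PartialEq)]
pub enum Rejected {
    NotSsh,
    EmptyHost,
    BadPort,
    /// ssh would parse this URL component as a command-line option.
    LooksLikeOption(String),
}

/// Build the argv for `ssh` from a clone URL, or refuse before spawning anything.
pub fn ssh_argv(url: &str) -> Result<Vec<String>, Rejected> {
    let rest = url.strip_prefix("ssh://").ok_or(Rejected::NotSsh)?;
    let authority = rest.split('/').next().unwrap_or("");
    let (user, hostport) = match authority.rsplit_once('@') {
        Some((u, h)) => (Some(u), h),
        None => (None, authority),
    };
    let (host, port) = match hostport.rsplit_once(':') {
        Some((h, p)) => (h, Some(p)),
        None => (hostport, None),
    };
    if host.is_empty() {
        return Err(Rejected::EmptyHost);
    }
    // Core check: a leading '-' turns the user or host into an ssh option.
    for part in user.into_iter().chain(Some(host)) {
        if part.starts_with('-') {
            return Err(Rejected::LooksLikeOption(part.to_string()));
        }
    }
    let mut argv = vec!["ssh".to_string()];
    if let Some(p) = port {
        let n: u16 = p.parse().map_err(|_| Rejected::BadPort)?;
        argv.extend(vec!["-p".to_string(), n.to_string()]);
    }
    // Defence in depth: "--" ends option parsing, so the destination stays positional.
    argv.push("--".to_string());
    argv.push(match user {
        Some(u) => format!("{}@{}", u, host),
        None => host.to_string(),
    });
    Ok(argv)
}

fn main() {
    println!("{:?}", ssh_argv("ssh://git@example.com:2222/repo.git"));
    println!("{:?}", ssh_argv("ssh://-oConstructedOption=x/repo.git"));
}
```

Both URLs in main are constructed sample inputs; the second is rejected because its host starts with "-".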

Fix

OS Command Injection

Argument Injection

Weakness Enumeration

Related Identifiers

AZL-66020
CVE-2023-53158
GHSA-5C5J-JMHX-Q2GR
GHSA-RRJW-J4M2-MF34
RUSTSEC-2023-0064

Affected Products

Gix-Transport