CVE-2023-53158

Published
View on NVD ↗
CVSS v3
4.1
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more difficult to exploit.

GitoxideLabs/gitoxide
GitoxideLabs/gitoxide
An idiomatic, lean, fast & safe pure Rust implementation of Git
GitHubGitHub
11.5K
gix-transport
gix-transport
A crate of the gitoxide project dedicated to implementing the git transport layer
Crates.ioCrates.io
31.6M