Using the ProxyCommand or the ProxyJump feature enables users to exploit
unchecked hostname syntax on the client, which enables to inject malicious code
into the command of the above-mentioned features through the hostname parameter.
User interaction is required to exploit this issue.
Advisory from libssh: https://www.libssh.org/security/advisories/CVE-2023-6004.txt
Advisory from OpenSSH which also suffered from this flaw: https://www.openssh.com/txt/release-9.6
Code execution via malicious input hostname or other tokens