Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-JMQP-37M5-49WH
HistoryMay 14, 2024 - 8:16 p.m.

sshproxy vulnerable to SSH option injection

2024-05-1420:16:33
Google
osv.dev
5
sshproxy
ssh command injection
vulnerability
patches
workaround
force command option

4.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON

Impact

Any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy.
All versions of sshproxy are impacted.

Patches

The problem is patched starting on version 1.6.3

Workarounds

The only workaround is to use the force_command option in sshproxy.yaml, but it’s rarely relevant.

References

CPENameOperatorVersion
github.com/cea-hpc/sshproxylt1.6.3

Related

cve 1
veracode 1
osv 1
cvelist 1
github 1
cve
cve
CVE-2024-34713
2024-05-14 16:17:27
veracode
veracode
Command Injection
2024-05-15 06:41:15
osv
osv
CVE-2024-34713
2024-05-14 16:17:27
cvelist
cvelist
CVE-2024-34713 sshproxy vulnerable to SSH option injection
2024-05-14 14:38:24
github
github
sshproxy vulnerable to SSH option injection
2024-05-14 20:16:33

4.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON
Related for OSV:GHSA-JMQP-37M5-49WH
cve1veracode1osv1cvelist1github1