GHSA-MCQQ-FQGF-RXWM Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`
Summary coder config-ssh wrote server-supplied SSH settings HostnameSuffix, SSHConfigOptions into the user's /.ssh/config without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration. Note: Practical exploitatio...