Lucene search
K

30 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1168

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00514EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29447

Malicious code in bioql PyPI...

4.1CVSS6.3AI score0.00171EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-59769

Malicious code in bioql PyPI...

4.1CVSS6.4AI score0.00171EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2025/09/04 10:13 a.m.5 views

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more difficult to exploit.

...

6.4CVSS7AI score0.00514EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-53158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gix-transport crate before 0.36.1 for Rust allows command execution via the gix clone 'ssh://-oProxyCommand=open$IFS substring. NOTE: this was discovered...

4.1CVSS6AI score0.00171EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/07/28 11:36 p.m.5 views

SUSE CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

4.1CVSS7.3AI score0.00171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/28 10:10 a.m.5 views

CVE-2023-53158

A flaw was found in gix-transport. The handling of clone URLs by the crate allows an attacker to execute arbitrary commands by injecting a malicious substring into the URL, specifically through the ssh protocol and ProxyCommand option. This vulnerability allows a local attacker to trigger command...

4.1CVSS6.9AI score0.00171EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/07/28 3:31 a.m.7 views

Duplicate Advisory: gix-transport code execution vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rrjw-j4m2-mf34. This link is maintained to preserve external references. Original Description The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone...

6.4AI score
Exploits0References6Affected Software1
OSV
OSV
added 2025/07/28 3:31 a.m.5 views

GHSA-5C5J-JMHX-Q2GR Duplicate Advisory: gix-transport code execution vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rrjw-j4m2-mf34. This link is maintained to preserve external references. Original Description The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone...

4.1CVSS6.4AI score0.00171EPSS
Exploits0References5
OSV
OSV
added 2025/07/28 1:15 a.m.8 views

AZL-66020 CVE-2023-53158 affecting package rust for versions less than 1.72.0-8

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

4.1CVSS5.9AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2025/07/28 1:15 a.m.6 views

CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

4.1CVSS7.3AI score
Exploits0References4
NVD
NVD
added 2025/07/28 1:15 a.m.6 views

CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

4.1CVSS0.00171EPSS
Exploits0References4
OSV
OSV
added 2025/07/28 1:15 a.m.3 views

UBUNTU-CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

4.1CVSS6AI score0.00171EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/07/28 12:0 a.m.13 views

CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

4.1CVSS0.00171EPSS
Exploits0References4
CVE
CVE
added 2025/07/28 12:0 a.m.18 views

CVE-2023-53158

CVE-2023-53158 affects the Rust crate gix-transport (before 0.36.1). The issue enables command execution via the substring gix clone 'ssh://-oProxyCommand=open$IFS', i.e., an SSH command injection. Impact details in sources indicate local attack vector with low confidentiality/integrity impact an...

4.1CVSS7.3AI score0.00171EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/28 12:0 a.m.5 views

gix-transport crate 操作系统命令注入漏洞

gix-transport crate is a Rust library open-sourced by GitoxideLabs. An operating system command injection vulnerability exists in gix-transport crate versions prior to 0.36.1, which stems from the fact that ssh command injection may lead to remote command execution...

4.1CVSS7.4AI score0.00171EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/28 12:0 a.m.4 views

CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

4.1CVSS6.4AI score0.00171EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2024/08/16 7:0 a.m.7 views

gix-transport indirect code execution via malicious username

...

6.4CVSS7AI score0.00514EPSS
Exploits0
OSV
OSV
added 2024/04/26 6:15 p.m.9 views

AZL-40229 CVE-2024-32884 affecting package rust for versions less than 1.75.0-9

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

6.4CVSS7.1AI score0.00514EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/26 6:4 p.m.21 views

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

6.4CVSS6.8AI score0.00514EPSS
Exploits0References2
Rows per page
Query Builder