You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The gix-transport crate prior to the patched version 0.36.1 would allow attackers to
use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading
to arbitrary code execution.
gix-transport0.33.1>=0.36.1The
gix-transportcrate prior to the patched version 0.36.1 would allow attackers touse malicious ssh clone URLs to pass arbitrary arguments to the
sshprogram, leadingto arbitrary code execution.
PoC:
gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo'This will launch a calculator on OSX.
See https://secure.phabricator.com/T12961 for more details on similar vulnerabilities in
git.Thanks for vin01 for disclosing the issue.
See advisory page for additional details.
The text was updated successfully, but these errors were encountered: