In ssh in OpenSSH prior to 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbsd openssh |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
debian debian linux 12.0 |