CVE-2024-34713: sshproxy vulnerable to SSH option injection
Any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy.
All versions of sshproxy are impacted.
References
- github.com/advisories/GHSA-jmqp-37m5-49wh
- github.com/cea-hpc/sshproxy
- github.com/cea-hpc/sshproxy/commit/3b8bccc874dc4ca2c80c956cad65722abb46f0b9
- github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580
- github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh
- nvd.nist.gov/vuln/detail/CVE-2024-34713
Code Behaviors & Features
Detect and mitigate CVE-2024-34713 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →