CVE-2023-53158
Public on 2025-07-28
Modified on 2025-08-04
Description
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more difficult to exploit.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | rustc | Not Affected | ||
| Amazon Linux 2023 | rustc | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.1 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |