VDB

CISA-2023-51385

CISA-2023-51385 PUBLISHED CVSS 6.5 MEDIUM

Reported by mitre · Published December 18, 2023

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersions
n/an/an/a
n/an/an/a, *

Timeline

  • Dec 18, 2023 CVE Published
  • Dec 18, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›