Skip to main content

CVE-2023-51385

Description

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

NVD
Severity: MEDIUM
CVE ID: CVE-2023-51385
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Refrence: NVDMITRE

Proof Of Concept

vin01

Proof of conept to exploit vulnerable proxycommand configurations on ssh clients (CVE-2023-51385)

Refrence: GitHub

FeatherStark

Refrence: GitHub

watarium

Refrence: GitHub

GoodPeople-ZhangSan

This is a test

Refrence: GitHub

Le1a

OpenSSH ProxyCommand RCE

Refrence: GitHub

LtmThink

一个验证对CVE-2023-51385

Refrence: GitHub

WLaoDuo

CVE-2023-51385;OpenSSH ProxyCommand RCE;OpenSSH <9.6 命令注入漏洞poc

Refrence: GitHub

N0rther

CVE-2023-51385测试POC

Refrence: GitHub

power1314520

一个验证对CVE-2023-51385

Refrence: GitHub

WOOOOONG

CVE-2023-51385 PoC Exploit

Refrence: GitHub

uccu99

Refrence: GitHub

julienbrs

Refrence: GitHub

julienbrs

Refrence: GitHub

Sonicrrrr

Refrence: GitHub

farliy-hacker

CVE-2023-51385

Refrence: GitHub

farliy-hacker

CVE-2023-51385-save

Refrence: GitHub

2048JiaLi

CVE-2023-51385 的exp

Refrence: GitHub

thinkliving2020

CVE-2023-51385

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8