CVE-2023-51385
Description
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Severity: MEDIUM
CVE ID: CVE-2023-51385
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Proof Of Concept
vin01
Proof of conept to exploit vulnerable proxycommand configurations on ssh clients (CVE-2023-51385)
Refrence: GitHub
FeatherStark
Refrence: GitHub
watarium
Refrence: GitHub
GoodPeople-ZhangSan
This is a test
Refrence: GitHub
Le1a
OpenSSH ProxyCommand RCE
Refrence: GitHub
LtmThink
一个验证对CVE-2023-51385
Refrence: GitHub
WLaoDuo
CVE-2023-51385;OpenSSH ProxyCommand RCE;OpenSSH <9.6 命令注入漏洞poc
Refrence: GitHub
N0rther
CVE-2023-51385测试POC
Refrence: GitHub
power1314520
一个验证对CVE-2023-51385
Refrence: GitHub
WOOOOONG
CVE-2023-51385 PoC Exploit
Refrence: GitHub
uccu99
Refrence: GitHub
julienbrs
Refrence: GitHub
julienbrs
Refrence: GitHub
Sonicrrrr
Refrence: GitHub
farliy-hacker
CVE-2023-51385
Refrence: GitHub
farliy-hacker
CVE-2023-51385-save
Refrence: GitHub
2048JiaLi
CVE-2023-51385 的exp
Refrence: GitHub
thinkliving2020
CVE-2023-51385
Refrence: GitHub