CVE-2023-53158 Information

Description

The gix-transport crate before 0.36.1 for Rust allows command execution via the \gix clone ‘ssh://-oProxyCommand=open$IFS\ substring. NOTE: this was discovered before CVE-2024-32884 a similar vulnerability (involving a username field) that is more difficult to exploit.

Reference

https://crates.io/crates/gix-transport https://github.com/advisories/GHSA-rrjw-j4m2-mf34 https://github.com/GitoxideLabs/gitoxide/pull/1032 https://rustsec.org/advisories/RUSTSEC-2023-0064.html

Related CNNVD

CNNVD-202507-3457 (Published: 2025-07-28)