CVE
CVE-2023-51385
| CVE ID |
CVE-2023-51385
|
|---|---|
| CVSS Score |
6.5
|
| Operating System | |
| Affected Versions | |
| Patched Versions |
openssh-7.4p1-23_ol005.el7
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
NVD Listing: NVD - CVE-2023-51385
- Changed CVE-2023-51385 behavior from automatic disabling of SCP to notification.
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.