2025-07-28 00:00:00
mitre
PUBLISHED
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more difficult to exploit.