Merge pull request #4317 from github/EliahKagan-GHSA-rrjw-j4m2-mf34

github · Jul 8, 2024 · 15d0b6e · 15d0b6e
2 parents 919afe6 + 6a53ce4
commit 15d0b6e
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/advisories/github-reviewed/2023/09/GHSA-rrjw-j4m2-mf34/GHSA-rrjw-j4m2-mf34.json b/advisories/github-reviewed/2023/09/GHSA-rrjw-j4m2-mf34/GHSA-rrjw-j4m2-mf34.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rrjw-j4m2-mf34",
-  "modified": "2023-09-25T20:21:16Z",
+  "modified": "2023-09-25T20:21:17Z",
   "published": "2023-09-25T20:21:16Z",
   "aliases": [
 
   ],
   "summary": "gix-transport code execution vulnerability",
-  "details": "The `gix-transport` crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the `ssh` program, leading to arbitrary code execution.\n\nPoC: `gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo'`\n\nThis will launch a calculator on OSX.\n\nSee https://secure.phabricator.com/T12961 for more details on similar vulnerabilities in `git`.",
+  "details": "The `gix-transport` crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the `ssh` program, leading to arbitrary code execution.\n\nPoC: `gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo'`\n\nThis will launch a calculator on OSX.\n\nSee https://secure.phabricator.com/T12961 for more details on similar vulnerabilities in `git`.\n\nThanks for [vin01](https://github.com/vin01) for disclosing the issue.",
   "severity": [
 
   ],
@@ -52,7 +52,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-88"
     ],
     "severity": "MODERATE",
     "github_reviewed": true,