An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05OHA0LXhqbW0tOG1maM4AA7Bc

gix-transport indirect code execution via malicious username


gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs.


This is related to the patched vulnerability, but appears less severe due to a greater attack complexity. Since, gix-transport checks the host and path portions of a URL for text that has a - in a position that will cause ssh to interpret part of all of the URL as an option argument. But it does not check the non-mandatory username portion of the URL.

As in Git, when an address is a URL of the form ssh://username@hostname/path, or when it takes the special form username@hostname:dirs/repo, this is treated as an SSH URL. gix-transport will replace some characters in username with their %-based URL encodings, but otherwise passes username@hostname as an argument to the external ssh command. This happens even if username begins with a hyphen. In that case, ssh treats that argument as an option argument, and attempts to interpret and honor it as a sequence of one or more options possibly followed by an operand for the last option.

This is harder to exploit than GHSA-rrjw-j4m2-mf34, because the possibilities are constrained by:

However, an attacker who is able to cause a specially named ssh configuration file to be placed in the current working directory can smuggle in an -F option referencing the file, and this allows arbitrary command execution.

This scenario is especially plausible because programs that operate on git repositories are often run in untrusted git repositories, sometimes even to operate on another repository. Situations where this is likely, such that an attacker could predict or arrange it, may for some applications include a malicious repository with a malicious submodule configuration.

Other avenues of exploitation exist, but appear to be less severe. For example, the -E option can be smuggled to create or append to a file in the current directory (or its target, if it is a symlink). There may also be other significant ways to exploit this that have not yet been discovered, or that would arise with new options in future versions of ssh.


To reproduce the known case that facilitates arbitrary code execution, first create a file in the current directory named [email protected], of the form

ProxyCommand payload

where payload is a command with an observable side effect. On Unix-like systems, this could be date | tee vulnerable or an xdg-open, open, or other command command to launch a graphical application. On Windows, this could be the name of a graphical application already in the search path, such as calc.exe.

(Although the syntax permitted in the value of ProxyCommand may vary by platform, this is not limited to running commands in the current directory. That limitation only applies to paths directly smuggled in the username, not to the contents of a separate malicious configuration file. Arbitrary other settings may be specified in [email protected] as well.)

Then run:

gix clone 'ssh://[email protected]/abc'


gix clone -- '[email protected]:abc/def'

(The -- is required to ensure that gix is really passing the argument as a URL for use in gix-transport, rather than interpreting it as an option itself, which would not necessarily be a vulnerability.)

In either case, the payload specified in [email protected] runs, and its side effect can be observed.

Other cases may likewise be produced, in either of the above two forms of SSH addresses. For example, to create or append to the file [email protected], or to create or append to its target if it is a symlink:

gix clone 'ssh://[email protected]/abc'
gix clone -- '[email protected]:abc/def'


As in, this would typically require user interaction to trigger an attempt to clone or otherwise connect using the malicious URL. Furthermore, known means of exploiting this vulnerability to execute arbitrary commands require further preparatory steps to establish a specially named file in the current directory. The impact is therefore expected to be lesser, though it is difficult to predict it with certainty because it is not known exactly what scenarios will arise when using the gix-transport library.

Users who use applications that make use of gix-transport are potentially vulnerable, especially:

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 month ago
Updated: 23 days ago

CVSS Score: 6.4
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L

Identifiers: GHSA-98p4-xjmm-8mfh, CVE-2024-32884
References: Repository:
Blast Radius: 14.0

Affected Packages

Dependent packages: 1
Dependent repositories: 1
Downloads: 40,708 total
Affected Version Ranges: < 0.35
Fixed in: 0.35
All affected versions: 0.1.0, 0.3.0, 0.4.0, 0.4.1, 0.4.3, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.22.1, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0, 0.31.1, 0.32.0, 0.33.0, 0.34.0
All unaffected versions: 0.35.0
Dependent packages: 57
Dependent repositories: 77
Downloads: 3,500,420 total
Affected Version Ranges: < 0.62
Fixed in: 0.62
All affected versions: 0.0.0, 0.35.0, 0.36.0, 0.36.1, 0.37.0, 0.37.1, 0.37.2, 0.38.0, 0.39.0, 0.40.0, 0.41.0, 0.42.0, 0.43.0, 0.43.1, 0.44.0, 0.44.1, 0.45.0, 0.45.1, 0.46.0, 0.47.0, 0.48.0, 0.49.0, 0.49.1, 0.50.0, 0.50.1, 0.51.0, 0.52.0, 0.53.0, 0.53.1, 0.54.0, 0.54.1, 0.55.0, 0.55.1, 0.55.2, 0.56.0, 0.57.0, 0.57.1, 0.58.0, 0.59.0, 0.60.0, 0.61.0, 0.61.1
All unaffected versions: 0.62.0
Dependent packages: 4
Dependent repositories: 153
Downloads: 2,149,763 total
Affected Version Ranges: < 0.42.0
Fixed in: 0.42.0
All affected versions: 0.25.4, 0.25.5, 0.25.6, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.29.1, 0.30.0, 0.31.0, 0.32.0, 0.33.0, 0.33.1, 0.34.0, 0.34.1, 0.34.2, 0.35.0, 0.36.0, 0.36.1, 0.37.0, 0.37.1, 0.38.0, 0.39.0, 0.40.0, 0.40.1, 0.41.0, 0.41.1, 0.41.2, 0.41.3
All unaffected versions: 0.42.0