Low severity (CVSS 3.5) · NVD Advisory · Published May 14, 2024 · Updated Apr 15, 2026
CVE-2024-34713
Description
sshproxy is used on a gateway to transparently proxy a user's SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to an ssh server through sshproxy can inject options into the ssh command executed by sshproxy. All versions of sshproxy are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the force_command option in sshproxy.yaml, but it is rarely relevant.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| github.com/cea-hpc/sshproxy | Go | < 1.6.3 | 1.6.3 |
Patches
f7eabd05d5f0 Prevent ssh option injection (#16)
2 files changed · +3 −3
cmd/sshproxy/sshproxy.go+2 −2 modified@@ -474,7 +474,7 @@ func mainExitCode() int { if doCmd == fromCmd { log.Debugf("translateCmdConf = %+v", translateCmdConf) sshArgs = append(sshArgs, translateCmdConf.SSHArgs...) - sshArgs = append(sshArgs, "--", host, translateCmdConf.Command) + sshArgs = append(sshArgs, host, "--", translateCmdConf.Command) if config.Dump != "" && translateCmdConf.DisableDump { config.Dump = "etcd" } @@ -487,7 +487,7 @@ func mainExitCode() int { // Force TTY allocation because the user probably asked for it. sshArgs = append(sshArgs, "-t") } - sshArgs = append(sshArgs, host, doCmd) + sshArgs = append(sshArgs, host, "--", doCmd) } } else { sshArgs = append(sshArgs, host)
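Review bot: in the hunk at line 474 the separator was on the wrong side of the destination: `sshArgs = append(sshArgs, "--", host, translateCmdConf.Command)` ends option parsing before `host`, yet the advisory shows injection was still possible, which means ssh takes up option parsing again after the destination and anything following `host` that starts with `-` is read as an option. The new order `host, "--", translateCmdConf.Command` closes that for the command word, but `translateCmdConf.SSHArgs...` is still appended ahead of `host`; a comment at that append saying these values come from sshproxy.yaml only and must never be derived from the user's request would make the invariant explicit for the next maintainer.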
test/fedora-image/Dockerfile+1 −1 modified@@ -1,4 +1,4 @@ -FROM fedora:latest +FROM fedora:39 # Install development environment to compile RPM RUN set -ex \
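Review bot: the `FROM fedora:latest` to `FROM fedora:39` change is unrelated to the option-injection fix and belongs in its own commit with its own message. If the goal is a reproducible RPM build environment, a moving tag such as `fedora:39` still drifts; pin the image by digest and record why in the commit message.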
3b8bccc874dc Prevent ssh option injection
2 files changed · +3 −3
cmd/sshproxy/sshproxy.go+2 −2 modified@@ -474,7 +474,7 @@ func mainExitCode() int { if doCmd == fromCmd { log.Debugf("translateCmdConf = %+v", translateCmdConf) sshArgs = append(sshArgs, translateCmdConf.SSHArgs...) - sshArgs = append(sshArgs, "--", host, translateCmdConf.Command) + sshArgs = append(sshArgs, host, "--", translateCmdConf.Command) if config.Dump != "" && translateCmdConf.DisableDump { config.Dump = "etcd" } @@ -487,7 +487,7 @@ func mainExitCode() int { // Force TTY allocation because the user probably asked for it. sshArgs = append(sshArgs, "-t") } - sshArgs = append(sshArgs, host, doCmd) + sshArgs = append(sshArgs, host, "--", doCmd) } } else { sshArgs = append(sshArgs, host)
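Review bot: the hunk at line 487 previously passed `host, doCmd` with no separator at all, so a user command beginning with `-` was handed to ssh in option position; adding `"--"` between them is the right fix, but the change ships without a regression test. Since this hunk and the one at line 474 differ only in which command variable follows the separator, one table-driven test asserting that, whenever a command is present, the argument immediately after `host` is `"--"` would cover both branches and catch a future reordering. The `-t` appended just above stays before `host`, which is correct; the comment there could state that no options may be appended after this point.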
test/centos-image/Dockerfile+1 −1 modified@@ -1,4 +1,4 @@ -FROM fedora:latest +FROM fedora:39 # Install development environment to compile RPM RUN set -ex \
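Review bot: this Dockerfile lives under test/centos-image/ but its base image is `fedora:39`, so either the directory name is stale or the wrong Dockerfile was edited. Commit f7eabd05d5f0 makes the identical `fedora:latest` to `fedora:39` pin in test/fedora-image/Dockerfile, which suggests the two branches diverged on test layout; please reconcile the path in whichever branch is merged.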
References
- github.com/advisories/GHSA-jmqp-37m5-49wh (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-34713 (GHSA, advisory)
- github.com/cea-hpc/sshproxy/commit/3b8bccc874dc4ca2c80c956cad65722abb46f0b9 (GHSA, web)
- github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580 (NVD, web)
- github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh (NVD, web)