Low severity 3.5 · OSV Advisory · Published May 14, 2024 · Updated Apr 15, 2026
CVE-2024-34713
Description
sshproxy is used on a gateway to transparently proxy a user's SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to an SSH server using sshproxy can inject options into the ssh command executed by sshproxy. All versions of sshproxy are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the force_command option in sshproxy.yaml, but it's rarely relevant.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/cea-hpc/sshproxy (Go) | < 1.6.3 | 1.6.3 |
References
- github.com/advisories/GHSA-jmqp-37m5-49wh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-34713 (ghsa, ADVISORY)
- github.com/cea-hpc/sshproxy/commit/3b8bccc874dc4ca2c80c956cad65722abb46f0b9 (ghsa, WEB)
- github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580 (nvd, WEB)
- github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh (nvd, WEB)