VYPR
Low severity3.5OSV Advisory· Published May 14, 2024· Updated Apr 15, 2026

CVE-2024-34713

CVE-2024-34713

Description

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the force_command option in sshproxy.yaml, but it's rarely relevant.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/cea-hpc/sshproxyGo
< 1.6.31.6.3

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.