CVE-2023-51385

MEDIUM

OpenSSH < 9.6 - OS Command Injection via Shell Metacharacters in Username or Hostname

Title source: llm

Exploitation Summary

EIP tracks 23 public exploits for CVE-2023-51385. PoCs published by vin01, LtmThink, Le1a.

AI-analyzed exploit summary: This repository demonstrates an RCE vulnerability in SSH configurations where `ProxyCommand` tokens like `%h` and `%p` are improperly sanitized, allowing command injection via crafted SSH URLs. The PoC exploits this to execute arbitrary commands (e.g., launching Calculator on macOS).

Description

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Exploits (23)

nomisec WORKING POC 51 stars
by vin01 · poc
https://github.com/vin01/poc-proxycommand-vulnerable

This repository demonstrates an RCE vulnerability in SSH configurations where `ProxyCommand` tokens like `%h` and `%p` are improperly sanitized, allowing command injection via crafted SSH URLs. The PoC exploits this to execute arbitrary commands (e.g., launching Calculator on macOS).

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: OpenSSH (versions with vulnerable `ProxyCommand` handling)
No auth needed
Prerequisites: SSH client with vulnerable `~/.ssh/config` using `ProxyCommand` tokens · Ability to craft malicious SSH URLs
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 7 stars
by LtmThink · poc
https://github.com/LtmThink/CVE-2023-51385_test

This repository demonstrates a command injection vulnerability in OpenSSH via ProxyCommand configuration, exploiting CVE-2023-51385. The PoC uses a maliciously crafted .gitmodules file to execute arbitrary commands when git clone is run with --recurse-submodules.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OpenSSH < 9.6p1
No auth needed
Prerequisites: OpenSSH version < 9.6p1 · Git client with submodule support · ProxyCommand configuration in ~/.ssh/config
devstral-2 · analyzed Feb 19, 2026

nomisec SUSPICIOUS 5 stars
by Le1a · poc
https://github.com/Le1a/CVE-2023-51385

The repository lacks actual exploit code and instead directs users to clone another repository, which is a common tactic for suspicious or malicious repos. No technical details about the vulnerability are provided.

Classification: Suspicious 90%
Attack Type: RCE
Complexity: Theoretical
Reliability: Theoretical
Target: OpenSSH
No auth needed
Prerequisites: ProxyCommand configured in SSH config
devstral-2 · analyzed Feb 19, 2026

nomisec STUB 2 stars
by WOOOOONG · poc
https://github.com/WOOOOONG/CVE-2023-51385

The repository contains only a minimal README with no exploit code, technical details, or functional PoC. It is a placeholder with no substantive content.

Classification: Stub 95%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026

gitlab WORKING POC
by testu2584 · poc
https://gitlab.com/testu2584/CVE-2023-51385_test

This repository demonstrates a command injection vulnerability in Git's handling of `.gitmodules` files when using SSH with a ProxyCommand. The exploit leverages backticks in the SSH URL to execute arbitrary commands during a `git clone` operation.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Git (with SSH ProxyCommand configuration)
No auth needed
Prerequisites: SSH ProxyCommand configured in ~/.ssh/config · Git repository with malicious .gitmodules file
devstral-2 · analyzed Feb 23, 2026

nomisec WORKING POC
by saarcastified · poc
https://github.com/saarcastified/CVE-2023-51385---OpenSSH-ProxyCommand-Injection-PoC

This repository contains a functional proof-of-concept for CVE-2023-51385, demonstrating command injection via OpenSSH's ProxyCommand option. The exploit leverages improper sanitization of the ProxyCommand value to achieve arbitrary command execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: OpenSSH versions prior to 9.8
Auth required
Prerequisites: Access to the system via SSH · Ability to modify SSH configuration or command-line arguments
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by Featherw1t · poc
https://github.com/Featherw1t/CVE-2023-51385_test

This repository demonstrates a command injection vulnerability in OpenSSH via the ProxyCommand configuration in ~/.ssh/config, exploiting CVE-2023-51385. The PoC uses a crafted .gitmodules file to execute arbitrary commands when git clone is run with --recurse-submodules.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OpenSSH < 9.6p1
No auth needed
Prerequisites: OpenSSH version < 9.6p1 · Access to modify ~/.ssh/config · Git client to execute the clone command
devstral-2 · analyzed Feb 19, 2026

nomisec STUB
by MiningBot-eth · poc
https://github.com/MiningBot-eth/CVE-2023-51385-exploit

The repository contains only a minimal README with no exploit code or technical details. It appears to be a placeholder or stub with no functional content.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026

nomisec STUB
by endasugrue · poc
https://github.com/endasugrue/CVE-2023-51385_poc

The repository contains only a minimal README with no exploit code or technical details. It is a placeholder with no functional content.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026

nomisec STUB
by c0deur · poc
https://github.com/c0deur/CVE-2023-51385

The repository contains only a README.md file with the CVE identifier and no additional technical details or exploit code. It is a placeholder with minimal content.

Classification: Stub 100%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026

nomisec STUB
by 2048JiaLi · poc
https://github.com/2048JiaLi/CVE-2023-51385

The repository contains a minimal README and a trivial shell script that creates a file. There is no functional exploit code or technical details about CVE-2023-51385.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026

nomisec STUB
by julienbrs · poc
https://github.com/julienbrs/malicious-exploit-CVE-2023-51385

The repository contains only a minimal README with no exploit code or technical details. It appears to be a placeholder or stub with no functional content.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026

nomisec STUB
by julienbrs · poc
https://github.com/julienbrs/exploit-CVE-2023-51385

The repository contains only a minimal README with no exploit code, technical details, or functional content. It appears to be a placeholder or incomplete submission.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by power1314520 · poc
https://github.com/power1314520/CVE-2023-51385_test

This repository demonstrates a command injection vulnerability in Git's handling of `.gitmodules` files when using SSH with a ProxyCommand. The exploit leverages a crafted URL in the `.gitmodules` file to execute arbitrary commands during a `git clone` operation.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Git (with SSH and ProxyCommand configured)
No auth needed
Prerequisites: SSH configuration with ProxyCommand · Git client with submodule support
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by WLaoDuo · poc
https://github.com/WLaoDuo/CVE-2023-51385_poc-test

This repository contains a functional Proof of Concept (PoC) for CVE-2023-51385, an OpenSSH ProxyCommand command injection vulnerability affecting versions prior to 9.6. The PoC demonstrates remote code execution (RCE) by exploiting a malicious SSH configuration that triggers command execution when a user clones the repository.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OpenSSH <9.6
No auth needed
Prerequisites: Victim must have a vulnerable OpenSSH configuration with a malicious ProxyCommand entry · Victim must clone the repository with submodules
devstral-2 · analyzed Feb 19, 2026

nomisec STUB
by watarium · poc
https://github.com/watarium/poc-cve-2023-51385

The repository contains only a minimal README with no exploit code or technical details. It is a placeholder with no functional content.

Classification: Stub 100%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 6.5
EPSS 0.1975
EPSS Percentile 97.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (4)
debian/debian_linux 10.0
debian/debian_linux 11.0
debian/debian_linux 12.0
openbsd/openssh < 9.6
Published Dec 18, 2023
Tracked Since Feb 18, 2026