Command Execution Vulnerability in gix-transport for Rust
CVE-2023-53158

Currently unrated

Key Information:

Vendor: Rust
Status: gix-transport
Vendor: CVE Published:; 28 July 2025

What is CVE-2023-53158?

The gix-transport crate prior to version 0.36.1 for Rust contains a vulnerability that allows attackers to execute arbitrary commands. This is achieved through the improper handling of the command syntax, specifically with the use of 'gix clone ssh://-oProxyCommand=open$IFS'. This vulnerability presents a significant risk to applications utilizing gix-transport, enabling potential unauthorized command execution in vulnerable environments.

References

https://crates.io/crates/gix-transport

https://github.com/advisories/GHSA-rrjw-j4m2-mf34

https://github.com/GitoxideLabs/gitoxide/pull/1032

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025