[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-51385":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":88,"related":89,"reserved_at":9,"published_at":97,"modified_at":98,"state":99,"summary":100,"references_raw":108,"kevs":179,"epss":180,"epss_history":183,"metrics":439,"affected":447},"CVE-2023-51385","In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],[],[],[],[44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86],{"_key":45},"ALPINE-CVE-2023-51385",{"_key":47},"SUSE-SU-2024:0596-1",{"_key":49},"SUSE-SU-2024:0603-1",{"_key":51},"SUSE-SU-2024:0604-1",{"_key":53},"SUSE-SU-2024:2393-1",{"_key":55},"OPENSUSE-SU-2024:14113-1",{"_key":57},"DLA-3694-1",{"_key":59},"DSA-5586-1",{"_key":61},"SUSE-SU-2025:20009-1",{"_key":63},"MGASA-2024-0010",{"_key":65},"DEBIAN-CVE-2023-51385",{"_key":67},"UBUNTU-CVE-2023-51385",{"_key":69},"USN-6560-2",{"_key":71},"USN-6560-3",{"_key":73},"USN-6565-1",{"_key":75},"RHSA-2024:0429",{"_key":77},"RHSA-2024:0455",{"_key":79},"RHSA-2024:0594",{"_key":81},"RHSA-2024:0606",{"_key":83},"RHSA-2024:1130",{"_key":85},"RHSA-2026:1790",{"_key":87},"RHSA-2026:22329",[],[90,91,92,93,94,95,96],{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":61},{"_key":63},"2023-12-18T00:00:00.000Z","2026-05-12T11:21:37.418Z","Modified",{"cisa_kev":101,"cisa_ransomware":101,"cisa_vendor":9,"epss_severity":102,"epss_score":103,"severity":102,"severity_score":104,"severity_version":105,"severity_source":106,"severity_vector":107,"severity_status":99},false,"medium",0.17234,6.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",[109,115,120,125,131,135,139,143,147,151,155,159,163,167,171,175],{"url":110,"sources":111,"tags":113},"https://www.openssh.com/txt/release-9.6",[106,112],"nvd",[114],"Release Notes",{"url":116,"sources":117,"tags":118},"https://www.openwall.com/lists/oss-security/2023/12/18/2",[106,112],[119,114],"Mailing List",{"url":121,"sources":122,"tags":123},"https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",[106,112],[124],"Patch",{"url":126,"sources":127,"tags":128},"https://www.debian.org/security/2023/dsa-5586",[106,112],[129,130],"Vendor Advisory","Third Party Advisory",{"url":132,"sources":133,"tags":134},"https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",[106,112],[130],{"url":136,"sources":137,"tags":138},"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",[106,112],[119,130],{"url":140,"sources":141,"tags":142},"http://www.openwall.com/lists/oss-security/2023/12/26/4",[106,112],[119,130],{"url":144,"sources":145,"tags":146},"https://security.gentoo.org/glsa/202312-17",[106,112],[129,130],{"url":148,"sources":149,"tags":150},"https://security.netapp.com/advisory/ntap-20240105-0005/",[106,112],[],{"url":152,"sources":153,"tags":154},"https://support.apple.com/kb/HT214084",[106,112],[],{"url":156,"sources":157,"tags":158},"http://seclists.org/fulldisclosure/2024/Mar/21",[106,112],[119],{"url":160,"sources":161,"tags":162},"http://www.openwall.com/lists/oss-security/2025/10/07/1",[106,112],[],{"url":164,"sources":165,"tags":166},"http://www.openwall.com/lists/oss-security/2025/10/12/1",[106,112],[],{"url":168,"sources":169,"tags":170},"https://cert-portal.siemens.com/productcert/html/ssa-794697.html",[106,112],[],{"url":172,"sources":173,"tags":174},"https://cert-portal.siemens.com/productcert/html/ssa-769027.html",[106,112],[],{"url":176,"sources":177,"tags":178},"https://cert-portal.siemens.com/productcert/html/ssa-082556.html",[106,112],[],[],{"date":181,"score":103,"percentile":182},"2026-06-04",0.9515,[184,188,192,195,198,201,204,207,210,213,215,218,221,223,226,230,233,236,239,242,244,248,251,253,256,259,262,264,268,271,274,277,279,281,283,286,289,292,295,298,301,303,306,309,312,315,318,320,323,326,328,331,334,337,340,343,345,347,349,352,355,358,360,364,367,369,372,375,377,380,383,385,388,391,394,397,399,401,404,406,409,412,415,418,421,423,426,429,432,435],{"date":185,"score":186,"percentile":187},"2025-11-04",0.12732,0.93687,{"date":189,"score":190,"percentile":191},"2025-11-05",0.14453,0.94143,{"date":193,"score":190,"percentile":194},"2025-11-06",0.94145,{"date":196,"score":190,"percentile":197},"2025-11-07",0.94148,{"date":199,"score":190,"percentile":200},"2025-11-08",0.9415,{"date":202,"score":190,"percentile":203},"2025-11-09",0.94149,{"date":205,"score":190,"percentile":206},"2025-11-10",0.94151,{"date":208,"score":190,"percentile":209},"2025-11-11",0.94153,{"date":211,"score":190,"percentile":212},"2025-11-12",0.94159,{"date":214,"score":190,"percentile":212},"2025-11-13",{"date":216,"score":190,"percentile":217},"2025-11-14",0.94161,{"date":219,"score":190,"percentile":220},"2025-11-15",0.94156,{"date":222,"score":190,"percentile":212},"2025-11-16",{"date":224,"score":190,"percentile":225},"2025-11-17",0.94158,{"date":227,"score":228,"percentile":229},"2025-11-18",0.57103,0.98067,{"date":231,"score":228,"percentile":232},"2025-11-19",0.98069,{"date":234,"score":228,"percentile":235},"2025-11-20",0.9807,{"date":237,"score":190,"percentile":238},"2025-11-21",0.94165,{"date":240,"score":190,"percentile":241},"2025-11-22",0.94163,{"date":243,"score":190,"percentile":238},"2025-11-23",{"date":245,"score":246,"percentile":247},"2025-11-24",0.14152,0.94095,{"date":249,"score":246,"percentile":250},"2025-11-25",0.94098,{"date":252,"score":246,"percentile":250},"2025-11-26",{"date":254,"score":246,"percentile":255},"2025-11-27",0.94101,{"date":257,"score":246,"percentile":258},"2025-11-28",0.94096,{"date":260,"score":246,"percentile":261},"2025-11-29",0.94097,{"date":263,"score":246,"percentile":261},"2025-11-30",{"date":265,"score":266,"percentile":267},"2025-12-01",0.15452,0.94425,{"date":269,"score":266,"percentile":270},"2025-12-02",0.94427,{"date":272,"score":266,"percentile":273},"2025-12-03",0.94428,{"date":275,"score":246,"percentile":276},"2025-12-04",0.94094,{"date":278,"score":246,"percentile":250},"2025-12-05",{"date":280,"score":246,"percentile":250},"2025-12-06",{"date":282,"score":246,"percentile":261},"2025-12-07",{"date":284,"score":246,"percentile":285},"2025-12-08",0.941,{"date":287,"score":246,"percentile":288},"2025-12-09",0.94105,{"date":290,"score":246,"percentile":291},"2025-12-10",0.94114,{"date":293,"score":246,"percentile":294},"2025-12-11",0.94116,{"date":296,"score":246,"percentile":297},"2025-12-12",0.94119,{"date":299,"score":246,"percentile":300},"2025-12-13",0.94117,{"date":302,"score":246,"percentile":294},"2025-12-14",{"date":304,"score":246,"percentile":305},"2025-12-15",0.9412,{"date":307,"score":246,"percentile":308},"2025-12-16",0.94124,{"date":310,"score":246,"percentile":311},"2025-12-17",0.94126,{"date":313,"score":246,"percentile":314},"2025-12-18",0.94131,{"date":316,"score":246,"percentile":317},"2025-12-19",0.94132,{"date":319,"score":246,"percentile":314},"2025-12-20",{"date":321,"score":246,"percentile":322},"2025-12-21",0.94134,{"date":324,"score":246,"percentile":325},"2025-12-22",0.94133,{"date":327,"score":246,"percentile":325},"2025-12-23",{"date":329,"score":246,"percentile":330},"2025-12-24",0.94137,{"date":332,"score":246,"percentile":333},"2025-12-25",0.94144,{"date":335,"score":246,"percentile":336},"2025-12-26",0.94142,{"date":338,"score":246,"percentile":339},"2025-12-27",0.94182,{"date":341,"score":246,"percentile":342},"2025-12-28",0.94141,{"date":344,"score":246,"percentile":342},"2025-12-29",{"date":346,"score":246,"percentile":336},"2025-12-30",{"date":348,"score":246,"percentile":203},"2025-12-31",{"date":350,"score":266,"percentile":351},"2026-01-01",0.9448,{"date":353,"score":266,"percentile":354},"2026-01-02",0.94473,{"date":356,"score":266,"percentile":357},"2026-01-03",0.94471,{"date":359,"score":246,"percentile":191},"2026-01-04",{"date":361,"score":362,"percentile":363},"2026-01-05",0.16522,0.94679,{"date":365,"score":362,"percentile":366},"2026-01-06",0.94678,{"date":368,"score":362,"percentile":363},"2026-01-07",{"date":370,"score":362,"percentile":371},"2026-01-08",0.94684,{"date":373,"score":362,"percentile":374},"2026-01-09",0.94685,{"date":376,"score":362,"percentile":374},"2026-01-10",{"date":378,"score":362,"percentile":379},"2026-01-11",0.94683,{"date":381,"score":362,"percentile":382},"2026-01-12",0.94681,{"date":384,"score":362,"percentile":382},"2026-01-13",{"date":386,"score":362,"percentile":387},"2026-01-14",0.94686,{"date":389,"score":362,"percentile":390},"2026-01-15",0.94687,{"date":392,"score":362,"percentile":393},"2026-01-16",0.94689,{"date":395,"score":362,"percentile":396},"2026-01-17",0.94692,{"date":398,"score":362,"percentile":393},"2026-01-18",{"date":400,"score":362,"percentile":374},"2026-01-19",{"date":402,"score":362,"percentile":403},"2026-01-20",0.9469,{"date":405,"score":362,"percentile":403},"2026-01-21",{"date":407,"score":362,"percentile":408},"2026-01-22",0.94693,{"date":410,"score":362,"percentile":411},"2026-01-23",0.94699,{"date":413,"score":362,"percentile":414},"2026-01-24",0.94704,{"date":416,"score":362,"percentile":417},"2026-01-25",0.94706,{"date":419,"score":362,"percentile":420},"2026-01-26",0.94708,{"date":422,"score":362,"percentile":420},"2026-01-27",{"date":424,"score":362,"percentile":425},"2026-01-28",0.94711,{"date":427,"score":362,"percentile":428},"2026-01-29",0.94712,{"date":430,"score":362,"percentile":431},"2026-01-30",0.94713,{"date":433,"score":362,"percentile":434},"2026-01-31",0.94715,{"date":436,"score":437,"percentile":438},"2026-02-01",0.17983,0.95006,[440,445],{"source":106,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":441,"cvss_v4_0":9},{"baseScore":104,"baseSeverity":442,"vectorString":107,"impactScore":443,"exploitabilityScore":444},"MEDIUM",4.2,10,{"source":112,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":446,"cvss_v4_0":9},{"baseScore":104,"baseSeverity":442,"vectorString":107,"impactScore":443,"exploitabilityScore":444},[448,461],{"ecosystem":9,"name":449,"vendor":450,"product":451,"cpe_part":452,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":453},"debian linux","debian","debian_linux","o",[454,457,459],{"version":455,"is_range":101,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"version":458,"is_range":101,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"version":460,"is_range":101,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0",{"ecosystem":9,"name":462,"vendor":463,"product":462,"cpe_part":464,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":465},"openssh","openbsd","a",[466],{"version":467,"is_range":468,"range_type":456,"version_start":9,"version_start_type":9,"version_end":469,"version_end_type":470,"fixed_in":9},"lt9.6",true,"9.6","excluding"]