Description: Using the ProxyCommand or the ProxyJump feature enables users to exploit unchecked hostname syntax on the client, which enables to inject malicious code into the command of the above-mentioned features through the hostname parameter. User interaction is required to exploit this issue. Broken commit info: Bugfix commit info: https://git.libssh.org/projects/libssh.git/commit/?id=2c92e8ce930a428a6fd150ae1ae55c5a365543f5 https://gitlab.com/libssh/libssh-security/-/merge_requests/26 https://git.libssh.org/projects/libssh.git/commit/?id=95c6f880ef1539635bb82a134f7b8a06a46887ca https://git.libssh.org/projects/libssh.git/commit/?id=0ff85b034a04d45e79a79cd5666b348b5e27800d
PR: https://gitee.com/src-anolis-os/libssh/pulls/16