Skip to content

[GHSA-2q4c-3mrw-63c3] Kopia: RCE via SSH ProxyCommand Injection#7750

Closed
poeck wants to merge 1 commit into
poeck/advisory-improvement-7750from
poeck-GHSA-2q4c-3mrw-63c3
Closed

[GHSA-2q4c-3mrw-63c3] Kopia: RCE via SSH ProxyCommand Injection#7750
poeck wants to merge 1 commit into
poeck/advisory-improvement-7750from
poeck-GHSA-2q4c-3mrw-63c3

Conversation

@poeck

@poeck poeck commented May 20, 2026

Copy link
Copy Markdown

Updates

  • References

Comments
The added reference provides broader technical context for this advisory, including a root-cause analysis and remediation guidance. It is intended to help users understand the advisory impact and mitigation details.

@github

github commented May 20, 2026

Copy link
Copy Markdown
Collaborator

Hi there @jkowalski! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

@github-actions github-actions Bot changed the base branch from main to poeck/advisory-improvement-7750 May 20, 2026 00:36
@github-actions

Copy link
Copy Markdown

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

@github-actions github-actions Bot added the Stale label Jun 27, 2026
@poeck

poeck commented Jun 27, 2026

Copy link
Copy Markdown
Author

bump

@github-actions github-actions Bot removed the Stale label Jun 28, 2026
@taladrane

Copy link
Copy Markdown
Collaborator

Hi @poeck, thanks for the contribution!

Per our contribution guidelines:

Advisory references are intended to be supplemental, relevant information for the reader. We aim to include primary source references provided by the CVE or GHSA authors, supplement with relevant code or documentation when applicable, and focus on concision and relevance for any additional references. We generally avoid including secondary source write ups on advisories unless they are provided by the upstream source.

The reference you've proposed (https://blinkdisk.com/security/analysis/cve-2026-45695) is a third-party write-up rather than content published by the upstream Kopia project or the CVE/GHSA authors, so it falls into the category of secondary source material we don't typically include. The advisory already links to the upstream fix PR and the Kopia package, which cover the primary source information for this vulnerability.

We're going to close this one out, but we appreciate you taking the time to suggest an improvement. Thanks again!

@github-actions github-actions Bot deleted the poeck-GHSA-2q4c-3mrw-63c3 branch June 29, 2026 21:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants