{"id":"CVE-2023-37154","details":"check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \\${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.","aliases":["GHSA-p3gv-vmpx-hhw4"],"modified":"2026-05-19T06:03:17.118086Z","published":"2024-10-09T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37154.json"},"references":[{"type":"WEB","url":"https://joshua.hu/nagios-hacking-cve-2023-37154"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37154.json"},{"type":"ADVISORY","url":"https://github.com/monitoring-plugins/monitoring-plugins/security/advisories/GHSA-p3gv-vmpx-hhw4"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37154"},{"type":"FIX","url":"https://github.com/nagios-plugins/nagios-plugins/commit/e8810de21be80148562b7e0168b0a62aeedffde6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nagios-plugins/nagios-plugins","events":[{"introduced":"0"},{"fixed":"e8810de21be80148562b7e0168b0a62aeedffde6"}],"database_specific":{"source":"REFERENCES"}}],"versions":["release-2.4.4","release-2.4.3","release-2.4.2","release-2.4.1","release-2.4.0","release-2.3.3","release-2.3.2","release-2.3.1","release-2.3.0","release-2.2.1","release-2.2.0","release-2.1.4","release-2.1.3","release-2.1.2","release-2.1.1","release-2.1.0","release-2.0.2","release-1.5","release-1.4.16","release-1.4.15","release-1.4.14","release-1.4.13","release-1.4.12","release-1.4.11","release-1.4.10","release-1.4.9","release-1.4.8","release-1.4.7","release-1.4.6","release-1.4.5","release-1.4.4","release-1.4.3","release-1.4.2","release-1.4.1","release-1.4","r1_4-beta1","r1_4_0-alpha3","r1_4_0-alpha2","release-1.3.1","r1_3_0-beta3","r1_3_0-beta2"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","id":"CVE-2023-37154-96967795","target":{"function":"process_arguments","file":"plugins/check_by_ssh.c"},"deprecated":false,"source":"https://github.com/nagios-plugins/nagios-plugins/commit/e8810de21be80148562b7e0168b0a62aeedffde6","signature_version":"v1","digest":{"function_hash":"65435622679889613038174802112533940077","length":4281}},{"signature_type":"Line","id":"CVE-2023-37154-f29e0e4a","target":{"file":"plugins/check_by_ssh.c"},"deprecated":false,"source":"https://github.com/nagios-plugins/nagios-plugins/commit/e8810de21be80148562b7e0168b0a62aeedffde6","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["1764226779147952800252069985963470210","29510619766522554077519892227178996097","334559933293457597800218740066589645011","73330748222578045117660887084600810860","290319796360619242676652231027428424723","59832891395856060679566955438359375680"]}}],"vanir_signatures_modified":"2026-05-19T06:03:17Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37154.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}