In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
1:7.5p1-101:7.5p1-81:7.5p1-91:7.5p1-9build11:8.2p1-4ubuntu0.111:7.5p1-11build11:8.9p1-3ubuntu0.61:7.5p1-121:7.5p1-12build11:7.5p1-131:9.6p1-3ubuntu11:7.5p1-141:7.5p1-151:7.5p1-15build11:7.5p1-161:7.5p1-171:7.5p1-171:7.5p1-181:6.2p2-61:6.2p2-6ubuntu11:6.4p1-11:6.4p1-21:6.5p1-11:6.5p1-21:6.5p1-31:6.5p1-41:6.5p1-61:6.6p1-1+15 moreExploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:LI:LA:NCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N