SSH’s ProxyCommand is a feature quite widely used to proxy ssh connections by allowing to specify custom commands to be used to connect to the server. Arguments to this directive may contain tokens like %h, %u which refer to hostname and username respectively.

When coming from untrusted sources, a hostname can be malicious and look something like `malicious-command` (backticks would allow a command to be executed in shell)

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.