Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/paramiko@2.0.0
Type pypi
Namespace
Name paramiko
Version 2.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.9
Latest_non_vulnerable_version 3.4.0
Affected_by_vulnerabilities
0
url VCID-mfvw-qzb9-8bax
vulnerability_id VCID-mfvw-qzb9-8bax
summary transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0591
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:0591
1
reference_url https://access.redhat.com/errata/RHSA-2018:0646
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:0646
2
reference_url https://access.redhat.com/errata/RHSA-2018:1124
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1124
3
reference_url https://access.redhat.com/errata/RHSA-2018:1125
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1125
4
reference_url https://access.redhat.com/errata/RHSA-2018:1213
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1213
5
reference_url https://access.redhat.com/errata/RHSA-2018:1274
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1274
6
reference_url https://access.redhat.com/errata/RHSA-2018:1328
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1328
7
reference_url https://access.redhat.com/errata/RHSA-2018:1525
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1525
8
reference_url https://access.redhat.com/errata/RHSA-2018:1972
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1972
9
reference_url https://github.com/advisories/GHSA-232r-66cg-79px
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-232r-66cg-79px
10
reference_url https://github.com/paramiko/paramiko
reference_id
reference_type
scores
url https://github.com/paramiko/paramiko
11
reference_url https://github.com/paramiko/paramiko/blob/e861c7697622774071ce73b46ffe8817eacdedfa/sites/www/changelog.rst?plain=1#L759-L763
reference_id
reference_type
scores
url https://github.com/paramiko/paramiko/blob/e861c7697622774071ce73b46ffe8817eacdedfa/sites/www/changelog.rst?plain=1#L759-L763
12
reference_url https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
reference_id
reference_type
scores
url https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
13
reference_url https://github.com/paramiko/paramiko/commit/e9dfd854bdaf8af15d7834f7502a0451d217bb8c
reference_id
reference_type
scores
url https://github.com/paramiko/paramiko/commit/e9dfd854bdaf8af15d7834f7502a0451d217bb8c
14
reference_url https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
reference_id
reference_type
scores
url https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
15
reference_url https://github.com/paramiko/paramiko/issues/1175
reference_id
reference_type
scores
url https://github.com/paramiko/paramiko/issues/1175
16
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-19.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-19.yaml
17
reference_url https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
18
reference_url https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
19
reference_url https://usn.ubuntu.com/3603-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3603-1
20
reference_url https://usn.ubuntu.com/3603-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3603-1/
21
reference_url https://usn.ubuntu.com/3603-2
reference_id
reference_type
scores
url https://usn.ubuntu.com/3603-2
22
reference_url https://usn.ubuntu.com/3603-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3603-2/
23
reference_url https://web.archive.org/web/20190831123128/http://www.securityfocus.com/bid/103713
reference_id
reference_type
scores
url https://web.archive.org/web/20190831123128/http://www.securityfocus.com/bid/103713
24
reference_url https://www.exploit-db.com/exploits/45712
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45712
25
reference_url https://www.exploit-db.com/exploits/45712/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45712/
26
reference_url http://www.securityfocus.com/bid/103713
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103713
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7750
reference_id CVE-2018-7750
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-7750
fixed_packages
0
url pkg:pypi/paramiko@2.0.8
purl pkg:pypi/paramiko@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qrh9-bxde-fqau
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.0.8
1
url pkg:pypi/paramiko@2.1.5
purl pkg:pypi/paramiko@2.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.1.5
2
url pkg:pypi/paramiko@2.2.3
purl pkg:pypi/paramiko@2.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.2.3
3
url pkg:pypi/paramiko@2.3.2
purl pkg:pypi/paramiko@2.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.3.2
4
url pkg:pypi/paramiko@2.4.1
purl pkg:pypi/paramiko@2.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.4.1
aliases CVE-2018-7750, GHSA-232r-66cg-79px, PYSEC-2018-19
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfvw-qzb9-8bax
1
url VCID-qrh9-bxde-fqau
vulnerability_id VCID-qrh9-bxde-fqau
summary Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
references
0
reference_url https://access.redhat.com/errata/RHBA-2018:3497
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2018:3497
1
reference_url https://access.redhat.com/errata/RHSA-2018:3347
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:3347
2
reference_url https://access.redhat.com/errata/RHSA-2018:3406
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:3406
3
reference_url https://access.redhat.com/errata/RHSA-2018:3505
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:3505
4
reference_url https://github.com/advisories/GHSA-f2j6-wrhh-v25m
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-f2j6-wrhh-v25m
5
reference_url https://github.com/paramiko/paramiko
reference_id
reference_type
scores
url https://github.com/paramiko/paramiko
6
reference_url https://github.com/paramiko/paramiko/issues/1283
reference_id
reference_type
scores
url https://github.com/paramiko/paramiko/issues/1283
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-69.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-69.yaml
8
reference_url https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
reference_id
reference_type
scores
url https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
9
reference_url https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
10
reference_url https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
11
reference_url https://usn.ubuntu.com/3796-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3796-1
12
reference_url https://usn.ubuntu.com/3796-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3796-1/
13
reference_url https://usn.ubuntu.com/3796-2
reference_id
reference_type
scores
url https://usn.ubuntu.com/3796-2
14
reference_url https://usn.ubuntu.com/3796-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3796-2/
15
reference_url https://usn.ubuntu.com/3796-3
reference_id
reference_type
scores
url https://usn.ubuntu.com/3796-3
16
reference_url https://usn.ubuntu.com/3796-3/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3796-3/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000805
reference_id CVE-2018-1000805
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000805
fixed_packages
0
url pkg:pypi/paramiko@2.0.9
purl pkg:pypi/paramiko@2.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.0.9
1
url pkg:pypi/paramiko@2.1.6
purl pkg:pypi/paramiko@2.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.1.6
2
url pkg:pypi/paramiko@2.2.4
purl pkg:pypi/paramiko@2.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.2.4
3
url pkg:pypi/paramiko@2.3.3
purl pkg:pypi/paramiko@2.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.3.3
4
url pkg:pypi/paramiko@2.4.2
purl pkg:pypi/paramiko@2.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.4.2
aliases CVE-2018-1000805, GHSA-f2j6-wrhh-v25m, PYSEC-2018-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrh9-bxde-fqau
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/paramiko@2.0.0