{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35180?format=json","vulnerability_id":"VCID-yrtm-3xdn-y3dp","summary":"The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.","aliases":[{"alias":"CVE-2018-7749"},{"alias":"PYSEC-2018-108"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10777?format=json","purl":"pkg:pypi/asyncssh@1.12.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.12.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10738?format=json","purl":"pkg:pypi/asyncssh@0.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@0.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10739?format=json","purl":"pkg:pypi/asyncssh@0.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@0.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/10740?format=json","purl":"pkg:pypi/asyncssh@0.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@0.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/10741?format=json","purl":"pkg:pypi/asyncssh@0.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@0.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/10742?format=json","purl":"pkg:pypi/asyncssh@0.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@0.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10743?format=json","purl":"pkg:pypi/asyncssh@0.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@0.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10744?format=json","purl":"pkg:pypi/asyncssh@0.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@0.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/10745?format=json","purl":"pkg:pypi/asyncssh@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10746?format=json","purl":"pkg:pypi/asyncssh@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10747?format=json","purl":"pkg:pypi/asyncssh@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10748?format=json","purl":"pkg:pypi/asyncssh@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10749?format=json","purl":"pkg:pypi/asyncssh@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10750?format=json","purl":"pkg:pypi/asyncssh@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10751?format=json","purl":"pkg:pypi/asyncssh@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10752?format=json","purl":"pkg:pypi/asyncssh@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10753?format=json","purl":"pkg:pypi/asyncssh@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/10754?format=json","purl":"pkg:pypi/asyncssh@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10755?format=json","purl":"pkg:pypi/asyncssh@1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10756?format=json","purl":"pkg:pypi/asyncssh@1.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10757?format=json","purl":"pkg:pypi/asyncssh@1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10758?format=json","purl":"pkg:pypi/asyncssh@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/10759?format=json","purl":"pkg:pypi/asyncssh@1.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/10760?format=json","purl":"pkg:pypi/asyncssh@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/10761?format=json","purl":"pkg:pypi/asyncssh@1.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/10762?format=json","purl":"pkg:pypi/asyncssh@1.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/10763?format=json","purl":"pkg:pypi/asyncssh@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10764?format=json","purl":"pkg:pypi/asyncssh@1.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10765?format=json","purl":"pkg:pypi/asyncssh@1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/10766?format=json","purl":"pkg:pypi/asyncssh@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10767?format=json","purl":"pkg:pypi/asyncssh@1.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/10768?format=json","purl":"pkg:pypi/asyncssh@1.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/10769?format=json","purl":"pkg:pypi/asyncssh@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10770?format=json","purl":"pkg:pypi/asyncssh@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10771?format=json","purl":"pkg:pypi/asyncssh@1.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10772?format=json","purl":"pkg:pypi/asyncssh@1.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10773?format=json","purl":"pkg:pypi/asyncssh@1.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10774?format=json","purl":"pkg:pypi/asyncssh@1.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/10775?format=json","purl":"pkg:pypi/asyncssh@1.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/10776?format=json","purl":"pkg:pypi/asyncssh@1.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dnz-zrf1-87dm"},{"vulnerability":"VCID-dpm4-k8e6-rfbp"},{"vulnerability":"VCID-yrtm-3xdn-y3dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/asyncssh@1.12.0"}],"references":[{"reference_url":"https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4"},{"reference_url":"https://groups.google.com/forum/#!msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7749","reference_id":"CVE-2018-7749","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7749"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":287,"name":"Improper Authentication","description":"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrtm-3xdn-y3dp"}