VulnerableCode Package Details - pkg:pypi/paramiko@1.7.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-3nbs-d4je-67fb Aliases: CVE-2018-7750 GHSA-232r-66cg-79px PYSEC-2018-19	transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.	1.17.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.18.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.0.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.1.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.2.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.3.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.4.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-6zuj-xf3s-nbf9 Aliases: CVE-2018-1000805 GHSA-f2j6-wrhh-v25m PYSEC-2018-69	Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.	2.0.9 Affected by 0 other vulnerabilities. 2.1.6 Affected by 0 other vulnerabilities. 2.2.4 Affected by 0 other vulnerabilities. 2.3.3 Affected by 0 other vulnerabilities. 2.4.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3nbs-d4je-67fb
Aliases:
CVE-2018-7750
GHSA-232r-66cg-79px
PYSEC-2018-19

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

1.17.6
Affected by 1 other vulnerability.

1.18.5
Affected by 1 other vulnerability.

2.0.8
Affected by 1 other vulnerability.

2.1.5
Affected by 1 other vulnerability.

2.2.3
Affected by 1 other vulnerability.

2.3.2
Affected by 1 other vulnerability.

2.4.1
Affected by 1 other vulnerability.

VCID-6zuj-xf3s-nbf9
Aliases:
CVE-2018-1000805
GHSA-f2j6-wrhh-v25m
PYSEC-2018-69

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

2.0.9
Affected by 0 other vulnerabilities.

2.1.6
Affected by 0 other vulnerabilities.

2.2.4
Affected by 0 other vulnerabilities.

2.3.3
Affected by 0 other vulnerabilities.

2.4.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-mdkv-a82q-mke5	common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.	CVE-2008-0299 GHSA-wqmm-q65g-2hqr PYSEC-2008-8

Vulnerability

Summary

Aliases

VCID-mdkv-a82q-mke5

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

CVE-2008-0299
GHSA-wqmm-q65g-2hqr
PYSEC-2008-8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T10:21:33.556071+00:00	GitLab Importer	Fixing	VCID-mdkv-a82q-mke5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/paramiko/CVE-2008-0299.yml	37.0.0
2025-08-01T09:14:52.130364+00:00	GitLab Importer	Affected by	VCID-6zuj-xf3s-nbf9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/paramiko/CVE-2018-1000805.yml	37.0.0
2025-08-01T09:12:49.920282+00:00	GitLab Importer	Affected by	VCID-3nbs-d4je-67fb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/paramiko/CVE-2018-7750.yml	37.0.0
2025-08-01T08:33:58.473121+00:00	PyPI Importer	Affected by	VCID-6zuj-xf3s-nbf9	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	37.0.0
2025-08-01T08:31:38.658747+00:00	PyPI Importer	Fixing	VCID-mdkv-a82q-mke5	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	37.0.0
2025-08-01T08:04:50.912826+00:00	GHSA Importer	Affected by	VCID-6zuj-xf3s-nbf9	https://github.com/advisories/GHSA-f2j6-wrhh-v25m	37.0.0
2025-08-01T08:01:35.036201+00:00	GHSA Importer	Affected by	VCID-3nbs-d4je-67fb	https://github.com/advisories/GHSA-232r-66cg-79px	37.0.0
2025-07-31T08:07:10.062977+00:00	Pypa Importer	Affected by	VCID-6zuj-xf3s-nbf9	https://github.com/pypa/advisory-database/blob/main/vulns/paramiko/PYSEC-2018-69.yaml	37.0.0
2025-07-31T08:04:31.857387+00:00	Pypa Importer	Fixing	VCID-mdkv-a82q-mke5	https://github.com/pypa/advisory-database/blob/main/vulns/paramiko/PYSEC-2008-8.yaml	37.0.0