GHSA-wqmm-q65g-2hqr

Suggest an improvement
Source
https://github.com/advisories/GHSA-wqmm-q65g-2hqr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wqmm-q65g-2hqr/GHSA-wqmm-q65g-2hqr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wqmm-q65g-2hqr
Aliases
Published
2022-05-01T23:28:57Z
Modified
2024-02-16T08:12:32.653240Z
Summary
Paramiko Unsafe randomness usage may allow access to sensitive information
Details

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

References

Affected packages

PyPI / paramiko

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-3

Affected versions

0.*

0.1-bulbasaur
0.1-charmander
0.9-doduo
0.9-eevee
0.9-fearow
0.9-gyarados
0.9-horsea
0.9-ivysaur

1.*

1.0
1.1
1.2
1.3
1.3.1
1.4
1.5.1
1.5.2
1.5.4
1.6
1.6.1
1.6.2
1.6.3
1.6.4
1.7
1.7.1

Database specific

{
    "last_known_affected_version_range": "<= 1.7.1-2"
}