{"id":"PYSEC-2018-108","details":"The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.","aliases":["CVE-2018-7749","GHSA-97cv-6pjf-5f9q"],"modified":"2023-11-08T04:00:23.443004Z","published":"2018-03-12T19:29:00Z","references":[{"type":"FIX","url":"https://github.com/ronf/asyncssh/commit/c161e26cdc0d41b745b63d9f17b437f073bf7ba4"},{"type":"WEB","url":"https://groups.google.com/forum/#!msg/asyncssh-announce/57_5O7kiHSA/8BXZ_hxHAQAJ"}],"affected":[{"package":{"name":"asyncssh","ecosystem":"PyPI","purl":"pkg:pypi/asyncssh"},"ranges":[{"type":"GIT","repo":"https://github.com/ronf/asyncssh","events":[{"introduced":"0"},{"fixed":"c161e26cdc0d41b745b63d9f17b437f073bf7ba4"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.1"}]}],"versions":["0.8.1","0.8.2","0.8.3","0.8.4","0.9.0","0.9.1","0.9.2","1.0.0","1.0.1","1.1.0","1.1.1","1.10.0","1.10.1","1.11.0","1.11.1","1.12.0","1.2.0","1.2.1","1.3.0","1.3.1","1.3.2","1.4.0","1.4.1","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.6.0","1.6.1","1.6.2","1.7.1","1.7.2","1.7.3","1.8.0","1.8.1","1.9.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/asyncssh/PYSEC-2018-108.yaml"}}],"schema_version":"1.7.3"}