CVE-2008-0299

Paramiko Unsafe randomness usage may allow access to sensitive information in pypi/paramiko

Identifiers

GHSA-wqmm-q65g-2hqr, CVE-2008-0299

Package Slug

pypi/paramiko

Vulnerability

Paramiko Unsafe randomness usage may allow access to sensitive information

Description

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

Affected Versions

All versions up to 1.7.1-2

Solution

Upgrade to version 1.7.1-3 or above.

Last Modified

2024-02-12
