[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-46445":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":341,"aliases":342,"duplicate_of":9,"upstream":345,"downstream":346,"duplicates":357,"related":358,"reserved_at":9,"published_at":359,"modified_at":360,"state":361,"summary":362,"references_raw":371,"kevs":435,"epss":436,"epss_history":439,"metrics":696,"affected":710},"CVE-2023-46445","An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a \"Rogue Extension Negotiation.\"",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-345","Insufficient Verification of Data Authenticity","The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.","weakness","Draft","Class",[19,23,76,88,109,113,117,121,125,129,133,337],{"id":20,"name":21,"techniques":22},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":24,"name":25,"techniques":26},"CAPEC-141","Cache Poisoning",[27],{"id":28,"name":29,"tactics":30,"countermeasures":37},"T1557.002","ARP Cache Poisoning",[31,34],{"id":32,"name":33},"TA0031","Credential Access",{"id":35,"name":36},"TA0100","Collection",[38,43,47,51,55,59,63,67,71],{"id":39,"name":40,"tactic":41},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":42},"Detect",{"id":44,"name":45,"tactic":46},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":42},{"id":48,"name":49,"tactic":50},"D3-CSPP","Client-server Payload Profiling",{"name":42},{"id":52,"name":53,"tactic":54},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":42},{"id":56,"name":57,"tactic":58},"D3-NTSA","Network Traffic Signature Analysis",{"name":42},{"id":60,"name":61,"tactic":62},"D3-APCA","Application Protocol Command Analysis",{"name":42},{"id":64,"name":65,"tactic":66},"D3-NTCD","Network Traffic Community Deviation",{"name":42},{"id":68,"name":69,"tactic":70},"D3-RTSD","Remote Terminal Session Detection",{"name":42},{"id":72,"name":73,"tactic":74},"D3-NTF","Network Traffic Filtering",{"name":75},"Isolate",{"id":77,"name":78,"techniques":79},"CAPEC-142","DNS Cache Poisoning",[80],{"id":81,"name":82,"tactics":83,"countermeasures":87},"T1584.002","DNS Server",[84],{"id":85,"name":86},"TA0042","Resource Development",[],{"id":89,"name":90,"techniques":91},"CAPEC-148","Content Spoofing",[92],{"id":93,"name":94,"tactics":95,"countermeasures":99},"T1491","Defacement",[96],{"id":97,"name":98},"TA0105","Impact",[100,105],{"id":101,"name":102,"tactic":103},"D3-DNR","Decoy Network Resource",{"name":104},"Deceive",{"id":106,"name":107,"tactic":108},"D3-NRAM","Network Resource Access Mediation",{"name":75},{"id":110,"name":111,"techniques":112},"CAPEC-218","Spoofing of UDDI/ebXML Messages",[],{"id":114,"name":115,"techniques":116},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":118,"name":119,"techniques":120},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":122,"name":123,"techniques":124},"CAPEC-386","Application API Navigation Remapping",[],{"id":126,"name":127,"techniques":128},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":130,"name":131,"techniques":132},"CAPEC-388","Application API Button Hijacking",[],{"id":134,"name":135,"techniques":136},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[137,173,213],{"id":138,"name":139,"tactics":140,"countermeasures":147},"T1211","Exploitation for Stealth",[141,144],{"id":142,"name":143},"TA0030","Defense Evasion",{"id":145,"name":146},"TA0005","Stealth",[148,152,156,160,165,169],{"id":149,"name":150,"tactic":151},"D3-MBT","Memory Boundary Tracking",{"name":42},{"id":153,"name":154,"tactic":155},"D3-PCSV","Process Code Segment Verification",{"name":42},{"id":157,"name":158,"tactic":159},"D3-SSC","Shadow Stack Comparisons",{"name":42},{"id":161,"name":162,"tactic":163},"D3-PSEP","Process Segment Execution Prevention",{"name":164},"Harden",{"id":166,"name":167,"tactic":168},"D3-SAOR","Segment Address Offset Randomization",{"name":164},{"id":170,"name":171,"tactic":172},"D3-SFCV","Stack Frame Canary Validation",{"name":164},{"id":174,"name":175,"tactics":176,"countermeasures":182},"T1542.002","Component Firmware",[177,178,179],{"id":142,"name":143},{"id":145,"name":146},{"id":180,"name":181},"TA0110","Persistence",[183,188,192,196,200,204,208],{"id":184,"name":185,"tactic":186},"D3-SWI","Software Inventory",{"name":187},"Model",{"id":189,"name":190,"tactic":191},"D3-AVE","Asset Vulnerability Enumeration",{"name":187},{"id":193,"name":194,"tactic":195},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":42},{"id":197,"name":198,"tactic":199},"D3-FV","Firmware Verification",{"name":42},{"id":201,"name":202,"tactic":203},"D3-FBA","Firmware Behavior Analysis",{"name":42},{"id":205,"name":206,"tactic":207},"D3-SU","Software Update",{"name":164},{"id":209,"name":210,"tactic":211},"D3-RS","Restore Software",{"name":212},"Restore",{"id":214,"name":215,"tactics":216,"countermeasures":223},"T1556","Modify Authentication Process",[217,218,221,222],{"id":142,"name":143},{"id":219,"name":220},"TA0112","Defense Impairment",{"id":180,"name":181},{"id":32,"name":33},[224,228,232,236,240,244,248,252,256,260,265,269,273,277,281,285,289,293,297,301,305,309,313,317,321,325,329,333],{"id":225,"name":226,"tactic":227},"D3-CI","Configuration Inventory",{"name":187},{"id":229,"name":230,"tactic":231},"D3-NTPM","Network Traffic Policy Mapping",{"name":187},{"id":233,"name":234,"tactic":235},"D3-AM","Access Modeling",{"name":187},{"id":237,"name":238,"tactic":239},"D3-FA","File Analysis",{"name":42},{"id":241,"name":242,"tactic":243},"D3-FIM","File Integrity Monitoring",{"name":42},{"id":245,"name":246,"tactic":247},"D3-PLA","Process Lineage Analysis",{"name":42},{"id":249,"name":250,"tactic":251},"D3-PSMD","Process Self-Modification Detection",{"name":42},{"id":253,"name":254,"tactic":255},"D3-PSA","Process Spawn Analysis",{"name":42},{"id":257,"name":258,"tactic":259},"D3-SFA","System File Analysis",{"name":42},{"id":261,"name":262,"tactic":263},"D3-FEV","File Eviction",{"name":264},"Evict",{"id":266,"name":267,"tactic":268},"D3-PT","Process Termination",{"name":264},{"id":270,"name":271,"tactic":272},"D3-PS","Process Suspension",{"name":264},{"id":274,"name":275,"tactic":276},"D3-HR","Host Reboot",{"name":264},{"id":278,"name":279,"tactic":280},"D3-HS","Host Shutdown",{"name":264},{"id":282,"name":283,"tactic":284},"D3-DF","Decoy File",{"name":104},{"id":286,"name":287,"tactic":288},"D3-FE","File Encryption",{"name":164},{"id":290,"name":291,"tactic":292},"D3-RF","Restore File",{"name":212},{"id":294,"name":295,"tactic":296},"D3-RC","Restore Configuration",{"name":212},{"id":298,"name":299,"tactic":300},"D3-CF","Content Filtering",{"name":75},{"id":302,"name":303,"tactic":304},"D3-LFP","Local File Permissions",{"name":75},{"id":306,"name":307,"tactic":308},"D3-RFAM","Remote File Access Mediation",{"name":75},{"id":310,"name":311,"tactic":312},"D3-CQ","Content Quarantine",{"name":75},{"id":314,"name":315,"tactic":316},"D3-CM","Content Modification",{"name":75},{"id":318,"name":319,"tactic":320},"D3-KBPI","Kernel-based Process Isolation",{"name":75},{"id":322,"name":323,"tactic":324},"D3-SCF","System Call Filtering",{"name":75},{"id":326,"name":327,"tactic":328},"D3-HBPI","Hardware-based Process Isolation",{"name":75},{"id":330,"name":331,"tactic":332},"D3-ABPI","Application-based Process Isolation",{"name":75},{"id":334,"name":335,"tactic":336},"D3-WSAM","Web Session Access Mediation",{"name":75},{"id":338,"name":339,"techniques":340},"CAPEC-701","Browser in the Middle (BiTM)",[],[],[343,344],"GHSA-cfc2-wr2v-gxm5","PYSEC-2023-237",[],[347,349,351,353,355],{"_key":348},"UBUNTU-CVE-2023-46445",{"_key":350},"DLA-3899-1",{"_key":352},"USN-7108-1",{"_key":354},"USN-7108-2",{"_key":356},"DEBIAN-CVE-2023-46445",[],[],"2023-11-14T00:00:00.000Z","2026-02-25T17:20:12.613Z","Modified",{"cisa_kev":363,"cisa_ransomware":363,"cisa_vendor":9,"epss_severity":364,"epss_score":365,"severity":366,"severity_score":367,"severity_version":368,"severity_source":369,"severity_vector":370,"severity_status":361},false,"low",0.00448,"medium",5.9,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",[372,381,386,390,394,398,402,406,410,414,418,422,427,431],{"url":373,"sources":374,"tags":377},"https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5",[375,369,376],"cve.org","osv_pypi",[378,379,380],"Third Party Advisory","WEB","Advisory",{"url":382,"sources":383,"tags":384},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/",[375,369],[385],"Vendor Advisory",{"url":387,"sources":388,"tags":389},"https://www.terrapin-attack.com",[375,369,376],[379],{"url":391,"sources":392,"tags":393},"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",[375,369,376],[379],{"url":395,"sources":396,"tags":397},"https://github.com/advisories/GHSA-cfc2-wr2v-gxm5",[375,369,376],[380],{"url":399,"sources":400,"tags":401},"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",[375,369,376],[379],{"url":403,"sources":404,"tags":405},"https://security.netapp.com/advisory/ntap-20231222-0001/",[375,369],[],{"url":407,"sources":408,"tags":409},"https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html",[375,369,376],[379],{"url":411,"sources":412,"tags":413},"https://nvd.nist.gov/vuln/detail/CVE-2023-46445",[376],[380],{"url":415,"sources":416,"tags":417},"https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e",[376],[379],{"url":419,"sources":420,"tags":421},"https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-237.yaml",[376],[379],{"url":423,"sources":424,"tags":425},"https://github.com/ronf/asyncssh",[376],[426],"PACKAGE",{"url":428,"sources":429,"tags":430},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE",[376],[379],{"url":432,"sources":433,"tags":434},"https://security.netapp.com/advisory/ntap-20231222-0001",[376],[379],[],{"date":437,"score":365,"percentile":438},"2026-06-04",0.63892,[440,444,447,449,452,455,458,461,464,467,470,473,476,478,481,485,488,491,495,498,501,504,506,508,511,513,516,518,521,524,527,530,533,535,537,540,543,546,549,552,554,557,560,563,566,569,572,575,578,582,584,587,590,592,595,598,600,603,606,609,612,614,617,619,621,624,626,629,631,634,637,640,643,646,649,652,655,657,661,664,667,670,673,676,678,681,684,687,690,693],{"date":441,"score":442,"percentile":443},"2025-11-04",0.00608,0.68829,{"date":445,"score":442,"percentile":446},"2025-11-05",0.68814,{"date":448,"score":442,"percentile":446},"2025-11-06",{"date":450,"score":442,"percentile":451},"2025-11-07",0.68825,{"date":453,"score":442,"percentile":454},"2025-11-08",0.68827,{"date":456,"score":442,"percentile":457},"2025-11-09",0.68818,{"date":459,"score":442,"percentile":460},"2025-11-10",0.68808,{"date":462,"score":442,"percentile":463},"2025-11-11",0.68817,{"date":465,"score":442,"percentile":466},"2025-11-12",0.68839,{"date":468,"score":442,"percentile":469},"2025-11-13",0.68846,{"date":471,"score":442,"percentile":472},"2025-11-14",0.68853,{"date":474,"score":442,"percentile":475},"2025-11-15",0.68849,{"date":477,"score":442,"percentile":469},"2025-11-16",{"date":479,"score":442,"percentile":480},"2025-11-17",0.68844,{"date":482,"score":483,"percentile":484},"2025-11-18",0.00286,0.49084,{"date":486,"score":483,"percentile":487},"2025-11-19",0.49099,{"date":489,"score":483,"percentile":490},"2025-11-20",0.49086,{"date":492,"score":493,"percentile":494},"2025-11-21",0.00625,0.6939,{"date":496,"score":493,"percentile":497},"2025-11-22",0.69385,{"date":499,"score":493,"percentile":500},"2025-11-23",0.69375,{"date":502,"score":442,"percentile":503},"2025-11-24",0.68838,{"date":505,"score":442,"percentile":469},"2025-11-25",{"date":507,"score":442,"percentile":472},"2025-11-26",{"date":509,"score":442,"percentile":510},"2025-11-27",0.68856,{"date":512,"score":442,"percentile":480},"2025-11-28",{"date":514,"score":442,"percentile":515},"2025-11-29",0.68832,{"date":517,"score":442,"percentile":454},"2025-11-30",{"date":519,"score":442,"percentile":520},"2025-12-01",0.68978,{"date":522,"score":442,"percentile":523},"2025-12-02",0.68987,{"date":525,"score":442,"percentile":526},"2025-12-03",0.68983,{"date":528,"score":442,"percentile":529},"2025-12-04",0.68823,{"date":531,"score":442,"percentile":532},"2025-12-05",0.6884,{"date":534,"score":442,"percentile":480},"2025-12-06",{"date":536,"score":442,"percentile":503},"2025-12-07",{"date":538,"score":442,"percentile":539},"2025-12-08",0.68843,{"date":541,"score":442,"percentile":542},"2025-12-09",0.68873,{"date":544,"score":442,"percentile":545},"2025-12-10",0.68916,{"date":547,"score":442,"percentile":548},"2025-12-11",0.68936,{"date":550,"score":442,"percentile":551},"2025-12-12",0.68962,{"date":553,"score":442,"percentile":551},"2025-12-13",{"date":555,"score":442,"percentile":556},"2025-12-14",0.68967,{"date":558,"score":442,"percentile":559},"2025-12-15",0.68964,{"date":561,"score":442,"percentile":562},"2025-12-16",0.68972,{"date":564,"score":442,"percentile":565},"2025-12-17",0.68985,{"date":567,"score":442,"percentile":568},"2025-12-18",0.69015,{"date":570,"score":442,"percentile":571},"2025-12-19",0.69033,{"date":573,"score":442,"percentile":574},"2025-12-20",0.69032,{"date":576,"score":442,"percentile":577},"2025-12-21",0.69017,{"date":579,"score":580,"percentile":581},"2025-12-22",0.00661,0.705,{"date":583,"score":580,"percentile":581},"2025-12-23",{"date":585,"score":580,"percentile":586},"2025-12-24",0.70509,{"date":588,"score":580,"percentile":589},"2025-12-25",0.70532,{"date":591,"score":580,"percentile":589},"2025-12-26",{"date":593,"score":580,"percentile":594},"2025-12-27",0.70568,{"date":596,"score":580,"percentile":597},"2025-12-28",0.70504,{"date":599,"score":580,"percentile":581},"2025-12-29",{"date":601,"score":580,"percentile":602},"2025-12-30",0.70514,{"date":604,"score":580,"percentile":605},"2025-12-31",0.70535,{"date":607,"score":580,"percentile":608},"2026-01-01",0.70691,{"date":610,"score":580,"percentile":611},"2026-01-02",0.70685,{"date":613,"score":580,"percentile":611},"2026-01-03",{"date":615,"score":580,"percentile":616},"2026-01-04",0.70537,{"date":618,"score":580,"percentile":589},"2026-01-05",{"date":620,"score":580,"percentile":616},"2026-01-06",{"date":622,"score":580,"percentile":623},"2026-01-07",0.70552,{"date":625,"score":580,"percentile":594},"2026-01-08",{"date":627,"score":580,"percentile":628},"2026-01-09",0.70573,{"date":630,"score":580,"percentile":628},"2026-01-10",{"date":632,"score":580,"percentile":633},"2026-01-11",0.70569,{"date":635,"score":580,"percentile":636},"2026-01-12",0.70558,{"date":638,"score":580,"percentile":639},"2026-01-13",0.70555,{"date":641,"score":580,"percentile":642},"2026-01-14",0.70582,{"date":644,"score":580,"percentile":645},"2026-01-15",0.70588,{"date":647,"score":580,"percentile":648},"2026-01-16",0.70606,{"date":650,"score":580,"percentile":651},"2026-01-17",0.706,{"date":653,"score":580,"percentile":654},"2026-01-18",0.70581,{"date":656,"score":580,"percentile":628},"2026-01-19",{"date":658,"score":659,"percentile":660},"2026-01-20",0.00567,0.67885,{"date":662,"score":659,"percentile":663},"2026-01-21",0.67894,{"date":665,"score":659,"percentile":666},"2026-01-22",0.67905,{"date":668,"score":659,"percentile":669},"2026-01-23",0.67934,{"date":671,"score":659,"percentile":672},"2026-01-24",0.67945,{"date":674,"score":659,"percentile":675},"2026-01-25",0.67914,{"date":677,"score":659,"percentile":666},"2026-01-26",{"date":679,"score":659,"percentile":680},"2026-01-27",0.67913,{"date":682,"score":659,"percentile":683},"2026-01-28",0.67924,{"date":685,"score":659,"percentile":686},"2026-01-29",0.67921,{"date":688,"score":659,"percentile":689},"2026-01-30",0.67928,{"date":691,"score":659,"percentile":692},"2026-01-31",0.67931,{"date":694,"score":659,"percentile":695},"2026-02-01",0.68083,[697,702,708],{"source":369,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":698,"cvss_v4_0":9},{"baseScore":367,"baseSeverity":699,"vectorString":370,"impactScore":700,"exploitabilityScore":701},"MEDIUM",6,5.6,{"source":376,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":703,"cvss_v4_0":9},{"baseScore":704,"baseSeverity":9,"vectorString":705,"impactScore":706,"exploitabilityScore":707},5.3,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",2.3,10,{"source":375,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":709,"cvss_v4_0":9},{"baseScore":367,"baseSeverity":699,"vectorString":370,"impactScore":700,"exploitabilityScore":701},[711,722],{"ecosystem":9,"name":712,"vendor":713,"product":712,"cpe_part":714,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":715},"asyncssh","asyncssh_project","a",[716],{"version":717,"is_range":718,"range_type":719,"version_start":9,"version_start_type":9,"version_end":720,"version_end_type":721,"fixed_in":9},"lt2.14.1",true,"cpe","2.14.1","excluding",{"ecosystem":723,"name":712,"vendor":723,"product":712,"cpe_part":9,"purl_type":724,"purl_namespace":9,"purl_name":712,"source":9,"versions":725},"PyPI","pypi",[726],{"version":727,"is_range":718,"range_type":728,"version_start":9,"version_start_type":9,"version_end":720,"version_end_type":721,"fixed_in":9},"lt2_14_1","ecosystem"]