CVE 2023-46446
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
See the 
CVE page on Mitre.org
for more details.
