Python/paramiko/1.15.4

SSH2 protocol library

https://pypi.org/project/paramiko
LGPL-3.0-or-later

3 Security Vulnerabilities

Paramiko not properly checking authentication before processing other requests

Published date: 2018-07-12T20:29:30Z
CVE: CVE-2018-7750
Links:

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

Affected versions: ["1.10.1", "1.10.5", "1.16.1", "1.5.2", "1.10.0", "1.10.7", "1.13.1", "1.5.4", "1.7", "1.7.2", "0.1-bulbasaur", "0.9-doduo", "0.9-fearow", "1.10.3", "1.11.0", "1.14.2", "1.17.2", "1.3.1", "1.7.1", "1.7.5", "0.9-horsea", "1.1", "1.10.6", "1.11.1", "1.12.2", "1.14.0", "1.15.0", "1.15.3", "1.17.0", "1.17.1", "1.17.3", "1.3", "1.6.3", "1.7.7.1", "0.1-charmander", "0.9-eevee", "1.0", "1.10.2", "1.10.4", "1.15.1", "1.15.4", "1.17.5", "1.8.1", "0.9-gyarados", "1.12.0", "1.15.2", "1.16.2", "1.4", "1.5.1", "1.6.1", "1.11.3", "1.11.4", "1.12.1", "1.13.4", "1.17.4", "1.2", "1.6.2", "1.6.4", "1.7.6", "1.8.0", "1.9.0", "0.9-ivysaur", "1.11.2", "1.11.5", "1.11.6", "1.12.3", "1.12.4", "1.13.0", "1.13.2", "1.13.3", "1.14.1", "1.14.3", "1.15.5", "1.16.0", "1.16.3", "1.6", "1.7.4", "1.7.7.2", "1.18.2", "1.18.3", "1.18.1", "1.18.4", "1.18.0", "2.4.0", "2.3.1", "2.3.0", "2.2.0", "2.2.2", "2.2.1", "2.1.2", "2.1.4", "2.1.3", "2.1.0", "2.1.1", "2.0.1", "2.0.4", "2.0.6", "2.0.7", "2.0.0", "2.0.5", "2.0.3", "2.0.2"]
Secure versions: [5.0.0]
Recommendation: Update to version 5.0.0.

Paramiko Authentication Bypass vulnerability

Published date: 2018-10-10T16:10:10Z
CVE: CVE-2018-1000805
Links:

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

Affected versions: ["1.10.1", "1.10.5", "1.16.1", "1.17.6", "1.5.2", "2.0.1", "2.0.4", "1.10.0", "1.10.7", "1.13.1", "1.18.2", "1.18.3", "1.5.4", "1.7", "1.7.2", "1.10.3", "1.11.0", "1.14.2", "1.17.2", "1.7.1", "1.7.5", "1.10.6", "1.11.1", "1.12.2", "1.14.0", "1.15.0", "1.15.3", "1.17.0", "1.17.1", "1.17.3", "1.6.3", "1.7.7.1", "2.0.6", "2.0.7", "2.0.8", "1.10.2", "1.10.4", "1.15.1", "1.15.4", "1.17.5", "1.18.1", "1.18.4", "1.8.1", "2.0.0", "1.12.0", "1.15.2", "1.16.2", "1.18.0", "1.5.1", "1.6.1", "2.0.5", "1.11.3", "1.11.4", "1.12.1", "1.13.4", "1.17.4", "1.18.5", "1.6.2", "1.6.4", "1.7.6", "1.8.0", "1.9.0", "2.0.3", "1.11.2", "1.11.5", "1.11.6", "1.12.3", "1.12.4", "1.13.0", "1.13.2", "1.13.3", "1.14.1", "1.14.3", "1.15.5", "1.16.0", "1.16.3", "1.6", "1.7.4", "1.7.7.2", "2.0.2", "2.1.5", "2.1.2", "2.1.4", "2.1.3", "2.1.0", "2.1.1", "2.2.0", "2.2.3", "2.2.2", "2.2.1", "2.3.1", "2.3.0", "2.3.2", "2.4.0", "2.4.1"]
Secure versions: [5.0.0]
Recommendation: Update to version 5.0.0.

Paramiko rsakey.py allows the SHA-1 algorithm

Published date: 2026-05-06T00:31:33Z
CVE: CVE-2026-44405
Links:

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.

Affected versions: ["1.10.1", "1.10.5", "1.16.1", "1.17.6", "1.5.2", "2.0.1", "2.0.4", "1.10.0", "1.10.7", "1.13.1", "1.18.2", "1.18.3", "1.5.4", "1.7", "1.7.2", "0.1-bulbasaur", "0.9-doduo", "0.9-fearow", "1.10.3", "1.11.0", "1.14.2", "1.17.2", "1.3.1", "1.7.1", "1.7.5", "0.9-horsea", "1.1", "1.10.6", "1.11.1", "1.12.2", "1.14.0", "1.15.0", "1.15.3", "1.17.0", "1.17.1", "1.17.3", "1.3", "1.6.3", "1.7.7.1", "2.0.6", "2.0.7", "2.0.8", "0.1-charmander", "0.9-eevee", "1.0", "1.10.2", "1.10.4", "1.15.1", "1.15.4", "1.17.5", "1.18.1", "1.18.4", "1.8.1", "2.0.0", "2.1.5", "2.1.6", "2.4.3", "2.5.1", "2.1.2", "2.1.4", "2.2.0", "2.2.4", "2.3.3", "0.9-gyarados", "1.12.0", "1.15.2", "1.16.2", "1.18.0", "1.4", "1.5.1", "1.6.1", "2.0.5", "2.1.3", "2.3.1", "2.5.0", "2.2.3", "2.6.0", "1.11.3", "1.11.4", "1.12.1", "1.13.4", "1.17.4", "1.18.5", "1.2", "1.6.2", "1.6.4", "1.7.6", "1.8.0", "1.9.0", "2.0.3", "2.0.9", "2.1.0", "2.3.0", "2.4.2", "2.7.1", "2.1.1", "2.2.2", "2.4.0", "2.7.2", "0.9-ivysaur", "1.11.2", "1.11.5", "1.11.6", "1.12.3", "1.12.4", "1.13.0", "1.13.2", "1.13.3", "1.14.1", "1.14.3", "1.15.5", "1.16.0", "1.16.3", "1.6", "1.7.4", "1.7.7.2", "2.0.2", "2.4.1", "2.7.0", "2.2.1", "2.3.2", "2.8.0", "2.8.1", "2.9.0", "2.9.1", "2.9.2", "2.10.0", "2.10.1", "2.10.2", "2.10.3", "2.9.3", "2.10.4", "2.9.4", "2.10.5", "2.11.0", "2.9.5", "2.10.6", "2.12.0", "2.11.1", "3.0.0", "3.1.0", "3.2.0", "3.3.1", "3.3.0", "3.4.0", "3.4.1", "3.3.2", "3.5.0", "3.5.1", "4.0.0"]
Secure versions: [5.0.0]
Recommendation: Update to version 5.0.0.

151 Other Versions

Version License Security Released
5.0.0 UNKNOWN
4.0.0 UNKNOWN 1
3.5.1 LGPL-3.0-or-later 1 1970-01-01 - 00:00 over 56 years
3.5.0 LGPL-3.0-or-later 1 1970-01-01 - 00:00 over 56 years
3.4.1 LGPL-3.0-or-later 1 1970-01-01 - 00:00 over 56 years
3.4.0 LGPL-3.0-or-later 1 1970-01-01 - 00:00 over 56 years
3.3.2 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
3.3.1 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
3.3.0 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
3.2.0 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
3.1.0 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
3.0.0 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
2.12.0 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
2.11.1 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
2.11.0 LGPL-3.0-or-later 2 2022-05-17 - 01:07 about 4 years
2.10.6 LGPL-3.0-or-later 2 1970-01-01 - 00:00 over 56 years
2.10.5 LGPL-3.0-or-later 2 2022-05-17 - 01:04 about 4 years
2.10.4 LGPL-3.0-or-later 2 2022-04-25 - 18:21 about 4 years
2.10.3 LGPL-3.0-or-later 2 2022-03-18 - 21:03 over 4 years
2.10.2 LGPL-3.0-or-later 2 2022-03-14 - 23:27 over 4 years
2.10.1 LGPL-3.0-or-later 2 2022-03-12 - 04:23 over 4 years
2.10.0 LGPL-3.0-or-later 3 2022-03-12 - 03:45 over 4 years
2.9.5 LGPL-3.0-or-later 2 2022-05-17 - 01:02 about 4 years
2.9.4 LGPL-3.0-or-later 2 2022-04-25 - 16:24 about 4 years
2.9.3 LGPL-3.0-or-later 2 2022-03-18 - 21:01 over 4 years
2.9.2 LGPL-3.0-or-later 3 2022-01-08 - 19:30 over 4 years
2.9.1 LGPL-3.0-or-later 3 2021-12-24 - 19:54 over 4 years
2.9.0 LGPL-3.0-or-later 3 2021-12-23 - 22:46 over 4 years
2.8.1 LGPL-3.0-or-later 2 2021-11-29 - 03:58 over 4 years
2.8.0 LGPL-3.0-or-later 2 2021-10-09 - 21:45 over 4 years
2.7.2 LGPL-3.0-or-later 2 2020-08-30 - 19:56 almost 6 years
2.7.1 LGPL-3.0-or-later 2 2019-12-09 - 23:21 over 6 years
2.7.0 LGPL-3.0-or-later 2 2019-12-03 - 22:58 over 6 years
2.6.0 LGPL-3.0-or-later 2 2019-06-23 - 22:48 almost 7 years
2.5.1 LGPL-3.0-or-later 2 2019-06-23 - 22:47 almost 7 years
2.5.0 LGPL-3.0-or-later 2 2019-06-10 - 01:00 about 7 years
2.4.3 LGPL-3.0-or-later 1 2019-06-23 - 22:45 almost 7 years
2.4.2 LGPL-3.0-or-later 1 2018-09-19 - 04:22 over 7 years
2.4.1 LGPL-3.0-or-later 2 2018-03-13 - 01:30 over 8 years
2.4.0 LGPL-3.0-or-later 3 2017-11-14 - 22:21 over 8 years
2.3.3 LGPL-3.0-or-later 1 2018-09-19 - 04:21 over 7 years
2.3.2 LGPL-3.0-or-later 2 2018-03-13 - 01:30 over 8 years
2.3.1 LGPL-3.0-or-later 3 2017-09-22 - 20:16 over 8 years
2.3.0 LGPL-3.0-or-later 3 2017-09-18 - 19:18 over 8 years
2.2.4 LGPL-3.0-or-later 1 2018-09-19 - 04:21 over 7 years
2.2.3 LGPL-3.0-or-later 2 2018-03-13 - 01:28 over 8 years
2.2.2 LGPL-3.0-or-later 3 2017-09-18 - 19:17 over 8 years
2.2.1 LGPL-3.0-or-later 3 2017-06-13 - 20:14 about 9 years
2.2.0 LGPL-3.0-or-later 3 2017-06-09 - 22:10 about 9 years
2.1.6 LGPL-3.0-or-later 1 2018-09-19 - 04:20 over 7 years