Python/paramiko/1.16.0

SSH2 protocol library

https://pypi.org/project/paramiko
LGPL-3.0-or-later

3 Security Vulnerabilities

Paramiko not properly checking authentication before processing other requests

Published date: 2018-07-12T20:29:30Z
CVE: CVE-2018-7750
Links:

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

Affected versions: ["1.10.1", "1.10.5", "1.16.1", "1.5.2", "1.10.0", "1.10.7", "1.13.1", "1.5.4", "1.7", "1.7.2", "0.1-bulbasaur", "0.9-doduo", "0.9-fearow", "1.10.3", "1.11.0", "1.14.2", "1.17.2", "1.3.1", "1.7.1", "1.7.5", "0.9-horsea", "1.1", "1.10.6", "1.11.1", "1.12.2", "1.14.0", "1.15.0", "1.15.3", "1.17.0", "1.17.1", "1.17.3", "1.3", "1.6.3", "1.7.7.1", "0.1-charmander", "0.9-eevee", "1.0", "1.10.2", "1.10.4", "1.15.1", "1.15.4", "1.17.5", "1.8.1", "0.9-gyarados", "1.12.0", "1.15.2", "1.16.2", "1.4", "1.5.1", "1.6.1", "1.11.3", "1.11.4", "1.12.1", "1.13.4", "1.17.4", "1.2", "1.6.2", "1.6.4", "1.7.6", "1.8.0", "1.9.0", "0.9-ivysaur", "1.11.2", "1.11.5", "1.11.6", "1.12.3", "1.12.4", "1.13.0", "1.13.2", "1.13.3", "1.14.1", "1.14.3", "1.15.5", "1.16.0", "1.16.3", "1.6", "1.7.4", "1.7.7.2", "1.18.2", "1.18.3", "1.18.1", "1.18.4", "1.18.0", "2.4.0", "2.3.1", "2.3.0", "2.2.0", "2.2.2", "2.2.1", "2.1.2", "2.1.4", "2.1.3", "2.1.0", "2.1.1", "2.0.1", "2.0.4", "2.0.6", "2.0.7", "2.0.0", "2.0.5", "2.0.3", "2.0.2"]
Secure versions: [5.0.0]
Recommendation: Update to version 5.0.0.

Paramiko Authentication Bypass vulnerability

Published date: 2018-10-10T16:10:10Z
CVE: CVE-2018-1000805
Links:

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

Affected versions: ["1.10.1", "1.10.5", "1.16.1", "1.17.6", "1.5.2", "2.0.1", "2.0.4", "1.10.0", "1.10.7", "1.13.1", "1.18.2", "1.18.3", "1.5.4", "1.7", "1.7.2", "1.10.3", "1.11.0", "1.14.2", "1.17.2", "1.7.1", "1.7.5", "1.10.6", "1.11.1", "1.12.2", "1.14.0", "1.15.0", "1.15.3", "1.17.0", "1.17.1", "1.17.3", "1.6.3", "1.7.7.1", "2.0.6", "2.0.7", "2.0.8", "1.10.2", "1.10.4", "1.15.1", "1.15.4", "1.17.5", "1.18.1", "1.18.4", "1.8.1", "2.0.0", "1.12.0", "1.15.2", "1.16.2", "1.18.0", "1.5.1", "1.6.1", "2.0.5", "1.11.3", "1.11.4", "1.12.1", "1.13.4", "1.17.4", "1.18.5", "1.6.2", "1.6.4", "1.7.6", "1.8.0", "1.9.0", "2.0.3", "1.11.2", "1.11.5", "1.11.6", "1.12.3", "1.12.4", "1.13.0", "1.13.2", "1.13.3", "1.14.1", "1.14.3", "1.15.5", "1.16.0", "1.16.3", "1.6", "1.7.4", "1.7.7.2", "2.0.2", "2.1.5", "2.1.2", "2.1.4", "2.1.3", "2.1.0", "2.1.1", "2.2.0", "2.2.3", "2.2.2", "2.2.1", "2.3.1", "2.3.0", "2.3.2", "2.4.0", "2.4.1"]
Secure versions: [5.0.0]
Recommendation: Update to version 5.0.0.

Paramiko rsakey.py allows the SHA-1 algorithm

Published date: 2026-05-06T00:31:33Z
CVE: CVE-2026-44405
Links:

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.

Affected versions: ["1.10.1", "1.10.5", "1.16.1", "1.17.6", "1.5.2", "2.0.1", "2.0.4", "1.10.0", "1.10.7", "1.13.1", "1.18.2", "1.18.3", "1.5.4", "1.7", "1.7.2", "0.1-bulbasaur", "0.9-doduo", "0.9-fearow", "1.10.3", "1.11.0", "1.14.2", "1.17.2", "1.3.1", "1.7.1", "1.7.5", "0.9-horsea", "1.1", "1.10.6", "1.11.1", "1.12.2", "1.14.0", "1.15.0", "1.15.3", "1.17.0", "1.17.1", "1.17.3", "1.3", "1.6.3", "1.7.7.1", "2.0.6", "2.0.7", "2.0.8", "0.1-charmander", "0.9-eevee", "1.0", "1.10.2", "1.10.4", "1.15.1", "1.15.4", "1.17.5", "1.18.1", "1.18.4", "1.8.1", "2.0.0", "2.1.5", "2.1.6", "2.4.3", "2.5.1", "2.1.2", "2.1.4", "2.2.0", "2.2.4", "2.3.3", "0.9-gyarados", "1.12.0", "1.15.2", "1.16.2", "1.18.0", "1.4", "1.5.1", "1.6.1", "2.0.5", "2.1.3", "2.3.1", "2.5.0", "2.2.3", "2.6.0", "1.11.3", "1.11.4", "1.12.1", "1.13.4", "1.17.4", "1.18.5", "1.2", "1.6.2", "1.6.4", "1.7.6", "1.8.0", "1.9.0", "2.0.3", "2.0.9", "2.1.0", "2.3.0", "2.4.2", "2.7.1", "2.1.1", "2.2.2", "2.4.0", "2.7.2", "0.9-ivysaur", "1.11.2", "1.11.5", "1.11.6", "1.12.3", "1.12.4", "1.13.0", "1.13.2", "1.13.3", "1.14.1", "1.14.3", "1.15.5", "1.16.0", "1.16.3", "1.6", "1.7.4", "1.7.7.2", "2.0.2", "2.4.1", "2.7.0", "2.2.1", "2.3.2", "2.8.0", "2.8.1", "2.9.0", "2.9.1", "2.9.2", "2.10.0", "2.10.1", "2.10.2", "2.10.3", "2.9.3", "2.10.4", "2.9.4", "2.10.5", "2.11.0", "2.9.5", "2.10.6", "2.12.0", "2.11.1", "3.0.0", "3.1.0", "3.2.0", "3.3.1", "3.3.0", "3.4.0", "3.4.1", "3.3.2", "3.5.0", "3.5.1", "4.0.0"]
Secure versions: [5.0.0]
Recommendation: Update to version 5.0.0.

151 Other Versions

Version License Security Released
1.12.2 LGPL-3.0-or-later 3 2014-02-14 - 18:06 over 12 years
1.12.1 LGPL-3.0-or-later 3 2014-01-09 - 00:45 over 12 years
1.12.0 LGPL-3.0-or-later 3 2013-09-28 - 05:06 over 12 years
1.11.6 LGPL-3.0-or-later 3 2014-05-07 - 21:34 about 12 years
1.11.5 LGPL-3.0-or-later 3 2014-03-14 - 04:28 over 12 years
1.11.4 LGPL-3.0-or-later 3 2014-02-14 - 18:06 over 12 years
1.11.3 LGPL-3.0-or-later 3 2014-01-09 - 00:42 over 12 years
1.11.2 LGPL-3.0-or-later 3 2013-09-28 - 05:06 over 12 years
1.11.1 LGPL-3.0-or-later 3 2013-09-21 - 01:02 over 12 years
1.11.0 LGPL-3.0-or-later 3 2013-07-26 - 22:08 almost 13 years
1.10.7 LGPL-3.0-or-later 3 2014-03-14 - 04:26 over 12 years
1.10.6 LGPL-3.0-or-later 3 2014-02-14 - 18:06 over 12 years
1.10.5 LGPL-3.0-or-later 3 2014-01-09 - 00:42 over 12 years
1.10.4 LGPL-3.0-or-later 3 2013-09-28 - 05:04 over 12 years
1.10.3 LGPL-3.0-or-later 3 2013-09-21 - 00:56 over 12 years
1.10.2 LGPL-3.0-or-later 3 2013-07-26 - 22:08 almost 13 years
1.10.1 LGPL-3.0-or-later 3 2013-04-05 - 20:04 about 13 years
1.10.0 LGPL-3.0-or-later 3 2013-03-01 - 22:58 over 13 years
1.9.0 LGPL-3.0-or-later 3 2012-11-06 - 22:53 over 13 years
1.8.1 LGPL-3.0-or-later 3 2012-11-06 - 21:57 over 13 years
1.8.0 LGPL-3.0-or-later 3 2012-10-03 - 00:08 over 13 years
1.7.7.2 LGPL-3.0-or-later 3 2012-05-17 - 01:34 about 14 years
1.7.7.1 LGPL-3.0-or-later 3 2011-05-23 - 23:24 about 15 years
1.7.6 LGPL-3.0-or-later 3 2010-10-27 - 03:00 over 15 years
1.7.5 LGPL-3.0-or-later 3 2012-09-26 - 22:51 over 13 years
1.7.4 LGPL-3.0-or-later 3 2012-09-30 - 21:10 over 13 years
1.7.2 LGPL-3.0-or-later 3 2012-09-26 - 22:50 over 13 years
1.7.1 LGPL-3.0-or-later 4 2012-09-26 - 22:50 over 13 years
1.7 LGPL-3.0-or-later 4 2012-09-26 - 22:49 over 13 years
1.6.4 LGPL-3.0-or-later 4 2012-09-26 - 22:48 over 13 years
1.6.3 LGPL-3.0-or-later 4 2012-09-26 - 22:48 over 13 years
1.6.2 LGPL-3.0-or-later 4 2012-09-26 - 22:47 over 13 years
1.6.1 LGPL-3.0-or-later 4 2012-09-26 - 22:47 over 13 years
1.6 LGPL-3.0-or-later 4 2012-09-26 - 22:46 over 13 years
1.5.4 LGPL-3.0-or-later 4 2012-09-26 - 22:46 over 13 years
1.5.2 LGPL-3.0-or-later 4 2012-09-26 - 22:45 over 13 years
1.5.1 LGPL-3.0-or-later 4 2012-09-26 - 22:44 over 13 years
1.4 LGPL-3.0-or-later 3 2012-09-26 - 22:43 over 13 years
1.3.1 LGPL-3.0-or-later 3 2012-09-26 - 22:42 over 13 years
1.3 LGPL-3.0-or-later 3 2012-09-26 - 22:42 over 13 years
1.2 LGPL-3.0-or-later 3 2012-09-26 - 22:41 over 13 years
1.1 LGPL-3.0-or-later 3 2012-09-26 - 22:40 over 13 years
1.0 LGPL-3.0-or-later 3 2012-09-26 - 22:39 over 13 years
0.1-bulbasaur LGPL-3.0-or-later 3 2012-09-26 - 22:31 over 13 years
0.9-doduo LGPL-3.0-or-later 3 2012-09-26 - 22:33 over 13 years
0.9-fearow LGPL-3.0-or-later 3 2012-09-26 - 22:35 over 13 years
0.9-horsea LGPL-3.0-or-later 3 2012-09-26 - 22:38 over 13 years
0.1-charmander LGPL-3.0-or-later 3 2012-09-26 - 22:33 over 13 years
0.9-eevee LGPL-3.0-or-later 3 2012-09-26 - 22:35 over 13 years
0.9-gyarados LGPL-3.0-or-later 3 2012-09-26 - 22:36 over 13 years