Source: paramiko
Version: 1.15.1-1
Severity: grave
Tags: security upstream


the following vulnerability was published for paramiko.

| in the SSH server implementation of Paramiko before
| 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5,
| 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not
| properly check whether authentication is completed before processing
| other requests, as demonstrated by channel-open. A customized SSH
| client can simply skip the authentication step.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:



Reply via email to