PYSEC-2018-108

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/asyncssh/PYSEC-2018-108.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2018-108

Aliases

Published

2018-03-12T19:29:00Z

Modified

2026-06-10T17:00:33.594586942Z

Summary

[none]

Details

The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.

References

Affected packages

PyPI / asyncssh

Package

Name: asyncssh; View open source insights on deps.dev
Purl: pkg:pypi/asyncssh

Affected ranges

Type: GIT
Repo: https://github.com/ronf/asyncssh
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c161e26cdc0d41b745b63d9f17b437f073bf7ba4

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.1

Affected versions

v0.*

v0.1.0

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.9.0

v0.9.1

v0.9.2

0.*

0.8.1

0.8.2

0.8.3

0.8.4

0.9.0

0.9.1

0.9.2

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.2.0

1.2.1

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.6.0

1.6.1

1.6.2

1.7.1

1.7.2

1.7.3

1.8.0

1.8.1

1.9.0

1.10.0

1.10.1

1.11.0

1.11.1

1.12.0

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.1

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.6.0

v1.6.1

v1.6.2

v1.7.1

v1.7.2

v1.7.3

v1.8.0

v1.8.1

v1.9.0

v1.10.0

v1.10.1

v1.11.0

v1.11.1

v1.12.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/asyncssh/PYSEC-2018-108.yaml"