MEDIUM 6.8

PYSEC-2023-239

Details

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / asyncssh

Introduced in: 0 Fixed in: 2.14.1

Fix pip install --upgrade 'asyncssh>=2.14.1'

References

https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm [ADVISORY]