Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mOHdnLTM2cjktN2Y0cc2uTg
Directory Traversal in pyftpdlib
pyftpdlib is a Python FTP server library that provides a high-level portable interface to easily write very efficient, scalable and asynchronous FTP servers with Python. Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.
Permalink: https://github.com/advisories/GHSA-f8wg-36r9-7f4q
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mOHdnLTM2cjktN2Y0cc2uTg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 6.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Identifiers: GHSA-f8wg-36r9-7f4q, CVE-2007-6736
References:
- https://nvd.nist.gov/vuln/detail/CVE-2007-6736
- https://github.com/giampaolo/pyftpdlib/issues/9
- https://github.com/advisories/GHSA-f8wg-36r9-7f4q
- https://github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-20.yaml
- http://code.google.com/p/pyftpdlib/issues/detail?id=9
- http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
- http://code.google.com/p/pyftpdlib/source/detail?r=16
- http://code.google.com/p/pyftpdlib/source/diff?spec=svn16&r=16&format=side&path=/trunk/pyftpdlib/FTPServer.py
Blast Radius: 15.8
Affected Packages
pypi:pyftpdlib
Dependent packages: 21
Dependent repositories: 326
Downloads: 244,704 last month
Affected Version Ranges: < 0.2.0
Fixed in: 0.2.0
All affected versions:
All unaffected versions: 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.7.0, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9