Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xNncyLWp4Y20tMmNyas4AAgH6

Improper Authentication in pyftpdlib

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

Permalink: https://github.com/advisories/GHSA-q6w2-jxcm-2crj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNncyLWp4Y20tMmNyas4AAgH6
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago


CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Identifiers: GHSA-q6w2-jxcm-2crj, CVE-2008-7263
References: Repository: https://github.com/giampaolo/pyftpdlib
Blast Radius: 18.3

Affected Packages

pypi:pyftpdlib
Dependent packages: 21
Dependent repositories: 326
Downloads: 233,269 last month
Affected Version Ranges: < 0.5.0
Fixed in: 0.5.0
All affected versions: 0.2.0, 0.3.0, 0.4.0
All unaffected versions: 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.7.0, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9