Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xcHBnLXY3NWMtcjVmZs0Ycg
S3Scanner allows Directory Traversal
S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../
substring in a ListBucketResult
element.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xcHBnLXY3NWMtcjVmZs0Ycg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 9 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-qppg-v75c-r5ff, CVE-2021-32061
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-32061
- https://github.com/sa7mon/S3Scanner/issues/122
- https://github.com/sa7mon/S3Scanner/releases/tag/2.0.2
- https://vuln.ryotak.me/advisories/62
- https://github.com/sa7mon/S3Scanner/commit/fafa30a3bd35b496b3f7db9bfc35b75a8a06bcd1
- https://github.com/advisories/GHSA-qppg-v75c-r5ff
Blast Radius: 6.4
Affected Packages
pypi:s3scanner
Dependent packages: 0Dependent repositories: 16
Downloads: 978 last month
Affected Version Ranges: < 2.0.2
Fixed in: 2.0.2
All affected versions: 2.0.0, 2.0.1
All unaffected versions: 2.0.2