GHSA-f8wg-36r9-7f4q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f8wg-36r9-7f4q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f8wg-36r9-7f4q/GHSA-f8wg-36r9-7f4q.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-f8wg-36r9-7f4q
- Aliases
-
- CVE-2007-6736
- PYSEC-2010-20
- Published
- 2022-05-01T18:45:57Z
- Modified
- 2024-10-21T21:00:14Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Directory Traversal in pyftpdlib
- Details
-
Python FTP server library provides a high-level portable interface to easily write very efficient, scalable and asynchronous FTP servers with Python. Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.
- Database specific
{ "nvd_published_at": "2010-10-19T20:00:00Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-06-08T22:28:53Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2007-6736
- https://github.com/giampaolo/pyftpdlib/issues/9
- https://github.com/advisories/GHSA-f8wg-36r9-7f4q
- https://github.com/giampaolo/pyftpdlib
- https://github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-20.yaml
- http://code.google.com/p/pyftpdlib/issues/detail?id=9
- http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
- http://code.google.com/p/pyftpdlib/source/detail?r=16
- http://code.google.com/p/pyftpdlib/source/diff?spec=svn16&r=16&format=side&path=/trunk/pyftpdlib/FTPServer.py
Affected packages
PyPI / pyftpdlib
Package
- Name
- pyftpdlib
- View open source insights on deps.dev
- Purl
- pkg:pypi/pyftpdlib