GHSA-jw88-wxv5-7c4f

Source
https://github.com/advisories/GHSA-jw88-wxv5-7c4f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jw88-wxv5-7c4f/GHSA-jw88-wxv5-7c4f.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-jw88-wxv5-7c4f
Aliases
Published
2022-05-17T05:47:38Z
Modified
2024-10-14T18:35:28.023633Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
Directory traversal in pyftpdlib
Details

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.

Database specific
{
    "nvd_published_at": "2010-10-19T20:00:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-09T23:51:00Z"
}
References

Affected packages

PyPI / pyftpdlib

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.3.0

Affected versions

0.*

0.2.0