GHSA-jw88-wxv5-7c4f

Source

https://github.com/advisories/GHSA-jw88-wxv5-7c4f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jw88-wxv5-7c4f/GHSA-jw88-wxv5-7c4f.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-jw88-wxv5-7c4f

Aliases

CVE-2008-7262
PYSEC-2010-4

Published

2022-05-17T05:47:38Z

Modified

2024-10-14T18:35:28.023633Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator

Summary

Directory traversal in pyftpdlib

Details

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.

Database specific

{
    "severity": "MODERATE",
    "nvd_published_at": "2010-10-19T20:00:00Z",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-09T23:51:00Z",
    "cwe_ids": [
        "CWE-22"
    ]
}

References

Affected packages

PyPI / pyftpdlib

Package

Name: pyftpdlib; View open source insights on deps.dev
Purl: pkg:pypi/pyftpdlib

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0

Affected versions

0.*

0.2.0