PYSEC-2021-433

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/s3scanner/PYSEC-2021-433.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2021-433
Aliases
Published
2021-11-29T03:15:00Z
Modified
2023-11-01T04:55:23.207996Z
Summary
[none]
Details

S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element.

References

Affected packages

PyPI / s3scanner

Package

Name
s3scanner
View open source insights on deps.dev
Purl
pkg:pypi/s3scanner

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.2

Affected versions

2.*

2.0.0
2.0.1