CVE-2007-6736 pyftpdlib

Package

Manager: pip
Name: pyftpdlib
Vulnerable Version: >=0 <0.2.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00337 (percentile 0.5584)

Details

Directory Traversal in pyftpdlib. pyftpdlib is a Python FTP server library that provides a high-level portable interface to easily write very efficient, scalable and asynchronous FTP servers with Python. Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a `..` (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.

Metadata

Created: 2022-05-01T18:45:57Z
Modified: 2024-10-21T21:00:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f8wg-36r9-7f4q/GHSA-f8wg-36r9-7f4q.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-f8wg-36r9-7f4q
Finding: F063
Auto approve: 1