CVE-2007-6736
MEDIUM 6.3 | EPSS 0.34%
Directory Traversal in pyftpdlib
Published: 2022/5/1 | Modified: 2024/10/21
Description
Python FTP server library provides a high-level portable interface to easily write very efficient, scalable and asynchronous FTP servers with Python. Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.
Affected packages (2)
- PyPI/pyftpdlib: from 0, < 0.2.0
- PyPI/pyftpdlib: from 0, < 0.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
References (9)
- ADVISORY: https://github.com/advisories/GHSA-f8wg-36r9-7f4q
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2007-6736
- PATCH: https://github.com/giampaolo/pyftpdlib
- WEB: http://code.google.com/p/pyftpdlib/issues/detail?id=9
- WEB: http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
- WEB: http://code.google.com/p/pyftpdlib/source/detail?r=16
- WEB: http://code.google.com/p/pyftpdlib/source/diff?spec=svn16&r=16&format=side&path=/trunk/pyftpdlib/FTPServer.py
- WEB: https://github.com/giampaolo/pyftpdlib/issues/9
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-20.yaml