CVE-2007-6736 — Path Traversal in Pyftpdlib

CWE-22 — Path Traversal5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 43.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

G.rodola Pyftpdlib Debian Python-pyftpdlib

Timeline

PublishedOct 19

Latest updateMay 1

Description

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶PyPIg.rodola/pyftpdlib< 0.2.0

▶NVDg.rodola/pyftpdlib0.1.1+1

▶debiandebian/python-pyftpdlib

Patches

Patch: code.google.com ↗Patch: code.google.com ↗

🔴Vulnerability Details

OSV

Directory Traversal in pyftpdlib↗2022-05-01

▶

GHSA

Directory Traversal in pyftpdlib↗2022-05-01

▶

OSV

CVE-2007-6736: Multiple directory traversal vulnerabilities in FTPServer↗2010-10-19

▶

📋Vendor Advisories

Debian

CVE-2007-6736: python-pyftpdlib - Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before...↗2007

▶