- Description
- Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- nvd@nist.gov
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F3E3FA8-B97C-4878-B072-F5A9FC62E3E6",
"versionEndIncluding": "0.2.0"
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB3D49FE-C51B-49E8-895E-AD4C4E138425"
},
{
"criteria": "cpe:2.3:a:g.rodola:pyftpdlib:0.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2B112CF-87F7-4A6A-9D75-AD6A577FB979"
}
],
"operator": "OR"
}
]
}
]