CVE-2008-7262

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in pypi/pyftpdlib

Identifiers

GHSA-jw88-wxv5-7c4f, CVE-2008-7262

Package Slug

pypi/pyftpdlib

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.

Affected Versions

All versions before 0.3.0

Solution

Upgrade to version 0.3.0 or above.

Last Modified

2022-06-10

source