CVE-2009-5012

Improper Access Control in pyftpdlib in pypi/pyftpdlib

Identifiers

GHSA-h4g7-8m7r-87r9, CVE-2009-5012

Package Slug

pypi/pyftpdlib

Vulnerability

Improper Access Control in pyftpdlib

Description

ftpserver.py in pyftpdlib before 0.5.2 does not require the "l" permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.

Affected Versions

All versions up to 0.5.1

Solution

Upgrade to version 0.5.2 or above.

Last Modified

2022-06-19
