CVE-2007-6736: Directory Traversal in pyftpdlib

May 1, 2022 (updated October 21, 2024)

Python FTP server library provides a high-level portable interface to easily write very efficient, scalable and asynchronous FTP servers with Python. Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.

References

github.com/advisories/GHSA-f8wg-36r9-7f4q
github.com/giampaolo/pyftpdlib
github.com/giampaolo/pyftpdlib/issues/9
github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-20.yaml
nvd.nist.gov/vuln/detail/CVE-2007-6736

Detect and mitigate CVE-2007-6736 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →