CVE-2008-7262: Directory traversal in pyftpdlib

May 17, 2022 (updated October 14, 2024)

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command.

References

github.com/advisories/GHSA-jw88-wxv5-7c4f
github.com/giampaolo/pyftpdlib
github.com/giampaolo/pyftpdlib/issues/55
github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-4.yaml
nvd.nist.gov/vuln/detail/CVE-2008-7262

Code Behaviors & Features

Detect and mitigate CVE-2008-7262 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →