CVE-2021-32061: S3Scanner allows Directory Traversal
(updated )
S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element.
References
- github.com/advisories/GHSA-qppg-v75c-r5ff
- github.com/pypa/advisory-database/tree/main/vulns/s3scanner/PYSEC-2021-433.yaml
- github.com/sa7mon/S3Scanner
- github.com/sa7mon/S3Scanner/commit/fafa30a3bd35b496b3f7db9bfc35b75a8a06bcd1
- github.com/sa7mon/S3Scanner/issues/122
- github.com/sa7mon/S3Scanner/releases/tag/2.0.2
- nvd.nist.gov/vuln/detail/CVE-2021-32061
- vuln.ryotak.me/advisories/62
Code Behaviors & Features
Detect and mitigate CVE-2021-32061 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →