Описание
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-pyftpdlib | fixed | 0.5.2-1 | package |
EPSS
Процентиль: 42%
0.00199
Низкий
Связанные уязвимости
nvd
больше 15 лет назад
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.
EPSS
Процентиль: 42%
0.00199
Низкий