Published: 30 Nov 2021
Source: github
Github: Reviewed
CVSS4: 6.9
CVSS3: 5.3
Description
S3Scanner allows Directory Traversal
S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-32061
- https://github.com/sa7mon/S3Scanner/issues/122
- https://github.com/sa7mon/S3Scanner/commit/fafa30a3bd35b496b3f7db9bfc35b75a8a06bcd1
- https://github.com/advisories/GHSA-qppg-v75c-r5ff
- https://github.com/pypa/advisory-database/tree/main/vulns/s3scanner/PYSEC-2021-433.yaml
- https://github.com/sa7mon/S3Scanner
- https://github.com/sa7mon/S3Scanner/releases/tag/2.0.2
- https://vuln.ryotak.me/advisories/62
Packages
Name: s3scanner (pip)
Affected versions: < 2.0.2
Fixed version: 2.0.2
Related vulnerabilities
CVSS3: 5.3
nvd
about 4 years ago
S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element.