pyftpdlib@0.3.0 vulnerabilities

Very fast asynchronous FTP server library

  • latest version

    2.0.1

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    2 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the pyftpdlib package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Directory Traversal

    Affected versions of this package are vulnerable to Directory Traversal in pyftpdlib/ftpserver.py, allowing an attacker to move/rename a file outside of the user home directory.

    How to fix Directory Traversal?

    Upgrade pyftpdlib to version 0.6.0 or higher.

    [,0.6.0)
    • M
    Denial of Service (DoS)

    pyftpdlib is a FTP server library.

    Affected versions of this package are vulnerable to high memory consumption Denial of Service (DoS) by sending a QUIT command during a data transfer.

    How to fix Denial of Service (DoS)?

    Upgrade pyftpdlib to version 0.5.2 or higher.

    [,0.5.2)
    • M
    Access Restriction Bypass

    pyftpdlib is a FTP server library.

    Affected versions of this package are vulnerable to Access Restriction Bypass. It does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.

    How to fix Access Restriction Bypass?

    Upgrade pyftpdlib to version 0.5.2 or higher.

    [,0.5.2)
    • M
    Denial of Service (DoS)

    pyftpdlib is a FTP server library.

    Affected versions of this package are vulnerable to Denial of Service (DoS) attacks via the ftp_QUIT function, by sending a QUIT command during a disallowed data-transfer attempt.

    How to fix Denial of Service (DoS)?

    Upgrade pyftpdlib to version 0.5.0 or higher.

    [,0.5.0)
    • M
    Denial of Service (DoS)

    pyftpdlib is a FTP server library.

    Affected versions of this package are vulnerable to Denial of Service (DoS) attacks via the FTPHandler class. Establishing and then immediately closing a TCP connection leads to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.

    How to fix Denial of Service (DoS)?

    Upgrade pyftpdlib to version 0.5.2 or higher.

    [,0.5.2)
    • M
    Denial of Service (DoS)

    pyftpdlib is a FTP server library.

    Affected versions of this package are vulnerable to Denial of Service (DoS) attacks via the FTPHandler class.

    How to fix Denial of Service (DoS)?

    Upgrade pyftpdlib to version 0.5.1 or higher.

    [,0.5.1)
    • M
    Denial of Service (DoS)

    pyftpdlib is a FTP server library.

    Affected versions of this package are vulnerable to Denial of Service Attacks. A Malicious user could cause a denial of service by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error.

    How to fix Denial of Service (DoS)?

    Upgrade pyftpdlib to version 0.5.2 or higher.

    [,0.5.2)
    • H
    Access Restriction Bypass

    pyftpdlib is a FTP server library.

    Affected versions of this package are vulnerable to Access Restriction Bypass. It does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

    How to fix Access Restriction Bypass?

    Upgrade pyftpdlib to version 0.5.0 or higher.

    [,0.5.0)