VulnerableCode Package Details - pkg:pypi/pyftpdlib@0.4.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-2u11-41pn-z3a6 Aliases: CVE-2009-5012 GHSA-h4g7-8m7r-87r9 PYSEC-2010-9	ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.	0.5.2 Affected by 0 other vulnerabilities.
VCID-5x4d-txr7-77bn Aliases: CVE-2008-7263 GHSA-q6w2-jxcm-2crj PYSEC-2010-5	ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.	0.5.0 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-67rd-vz1v-yqac Aliases: CVE-2009-5010 GHSA-mpg6-rgp4-35rr PYSEC-2010-7	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib	0.5.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-8vjd-1g37-5ye6 Aliases: CVE-2009-5011 GHSA-62xg-239j-vxg7 PYSEC-2010-8	Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494.	0.5.2 Affected by 0 other vulnerabilities.
VCID-crtn-sf6h-t7e3 Aliases: CVE-2008-7264 GHSA-8p2c-fghc-9hj4 PYSEC-2010-6	The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt.	0.5.0 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ufjv-wgk3-sfcj Aliases: CVE-2010-3494 GHSA-hw4g-fhcp-x5mq PYSEC-2010-11	Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.	0.5.2 Affected by 0 other vulnerabilities.
VCID-zjev-ytqn-8yhs Aliases: CVE-2009-5013 GHSA-8gv6-x88p-3f6h PYSEC-2010-10	Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.	0.5.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2u11-41pn-z3a6
Aliases:
CVE-2009-5012
GHSA-h4g7-8m7r-87r9
PYSEC-2010-9

ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.

0.5.2
Affected by 0 other vulnerabilities.

VCID-5x4d-txr7-77bn
Aliases:
CVE-2008-7263
GHSA-q6w2-jxcm-2crj
PYSEC-2010-5

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

0.5.0
Affected by 5 other vulnerabilities.

VCID-67rd-vz1v-yqac
Aliases:
CVE-2009-5010
GHSA-mpg6-rgp4-35rr
PYSEC-2010-7

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib

0.5.1
Affected by 4 other vulnerabilities.

VCID-8vjd-1g37-5ye6
Aliases:
CVE-2009-5011
GHSA-62xg-239j-vxg7
PYSEC-2010-8

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494.

0.5.2
Affected by 0 other vulnerabilities.

VCID-crtn-sf6h-t7e3
Aliases:
CVE-2008-7264
GHSA-8p2c-fghc-9hj4
PYSEC-2010-6

The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt.

0.5.0
Affected by 5 other vulnerabilities.

VCID-ufjv-wgk3-sfcj
Aliases:
CVE-2010-3494
GHSA-hw4g-fhcp-x5mq
PYSEC-2010-11

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.

0.5.2
Affected by 0 other vulnerabilities.

VCID-zjev-ytqn-8yhs
Aliases:
CVE-2009-5013
GHSA-8gv6-x88p-3f6h
PYSEC-2010-10

Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.

0.5.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T08:57:17.689609+00:00	GHSA Importer	Affected by	VCID-ufjv-wgk3-sfcj	https://github.com/advisories/GHSA-hw4g-fhcp-x5mq	38.6.0
2026-06-13T08:57:17.607332+00:00	GHSA Importer	Affected by	VCID-5x4d-txr7-77bn	https://github.com/advisories/GHSA-q6w2-jxcm-2crj	38.6.0
2026-06-13T08:57:17.532276+00:00	GHSA Importer	Affected by	VCID-crtn-sf6h-t7e3	https://github.com/advisories/GHSA-8p2c-fghc-9hj4	38.6.0
2026-06-12T18:15:36.205757+00:00	GitLab Importer	Affected by	VCID-5x4d-txr7-77bn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyftpdlib/CVE-2008-7263.yml	38.6.0
2026-06-12T18:15:22.514680+00:00	GitLab Importer	Affected by	VCID-ufjv-wgk3-sfcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyftpdlib/CVE-2010-3494.yml	38.6.0
2026-06-12T18:14:16.534874+00:00	GitLab Importer	Affected by	VCID-crtn-sf6h-t7e3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyftpdlib/CVE-2008-7264.yml	38.6.0
2026-06-12T18:06:32.694314+00:00	GitLab Importer	Affected by	VCID-67rd-vz1v-yqac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyftpdlib/CVE-2009-5010.yml	38.6.0
2026-06-12T18:06:26.826040+00:00	GitLab Importer	Affected by	VCID-8vjd-1g37-5ye6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyftpdlib/CVE-2009-5011.yml	38.6.0
2026-06-12T18:06:23.546442+00:00	GitLab Importer	Affected by	VCID-2u11-41pn-z3a6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyftpdlib/CVE-2009-5012.yml	38.6.0
2026-06-12T18:06:22.891036+00:00	GitLab Importer	Affected by	VCID-zjev-ytqn-8yhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyftpdlib/CVE-2009-5013.yml	38.6.0
2026-06-12T04:00:31.174875+00:00	Pypa Importer	Affected by	VCID-2u11-41pn-z3a6	https://github.com/pypa/advisory-database/blob/main/vulns/pyftpdlib/PYSEC-2010-9.yaml	38.6.0
2026-06-12T04:00:31.112306+00:00	Pypa Importer	Affected by	VCID-8vjd-1g37-5ye6	https://github.com/pypa/advisory-database/blob/main/vulns/pyftpdlib/PYSEC-2010-8.yaml	38.6.0
2026-06-12T04:00:31.055432+00:00	Pypa Importer	Affected by	VCID-crtn-sf6h-t7e3	https://github.com/pypa/advisory-database/blob/main/vulns/pyftpdlib/PYSEC-2010-6.yaml	38.6.0
2026-06-12T04:00:30.995758+00:00	Pypa Importer	Affected by	VCID-zjev-ytqn-8yhs	https://github.com/pypa/advisory-database/blob/main/vulns/pyftpdlib/PYSEC-2010-10.yaml	38.6.0
2026-06-12T04:00:30.957295+00:00	Pypa Importer	Affected by	VCID-ufjv-wgk3-sfcj	https://github.com/pypa/advisory-database/blob/main/vulns/pyftpdlib/PYSEC-2010-11.yaml	38.6.0
2026-06-12T04:00:30.851026+00:00	Pypa Importer	Affected by	VCID-67rd-vz1v-yqac	https://github.com/pypa/advisory-database/blob/main/vulns/pyftpdlib/PYSEC-2010-7.yaml	38.6.0
2026-06-12T04:00:30.554108+00:00	Pypa Importer	Affected by	VCID-5x4d-txr7-77bn	https://github.com/pypa/advisory-database/blob/main/vulns/pyftpdlib/PYSEC-2010-5.yaml	38.6.0
2026-06-11T20:41:51.765624+00:00	PyPI Importer	Affected by	VCID-67rd-vz1v-yqac	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-11T20:41:51.725755+00:00	PyPI Importer	Affected by	VCID-crtn-sf6h-t7e3	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-11T20:41:51.683376+00:00	PyPI Importer	Affected by	VCID-5x4d-txr7-77bn	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-11T20:41:51.634319+00:00	PyPI Importer	Affected by	VCID-zjev-ytqn-8yhs	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-11T20:41:51.587512+00:00	PyPI Importer	Affected by	VCID-ufjv-wgk3-sfcj	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-11T20:41:51.435376+00:00	PyPI Importer	Affected by	VCID-2u11-41pn-z3a6	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-11T20:41:51.314274+00:00	PyPI Importer	Affected by	VCID-8vjd-1g37-5ye6	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0