漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Vulnerability Description
The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
CPython 代码问题漏洞
Vulnerability Description
CPython是Python基金会的一个用C语言实现的Python解释器。 CPython存在代码问题漏洞,该漏洞源于Lib/ftplib.py中的ftpcp()函数,可能导致攻击者控制IP地址和端口。
CVSS Information
N/A
Vulnerability Type
N/A