CNNVD-202509-1150 Information

CNNVD ID

CNNVD-202509-1150

Related CVE

CVE-2025-57633

• CNNVD Published: 2025-09-09

Description (Chinese)

FTP-Flask-python是Ajay Pandurang Paratmandali个人开发者的一个Python库。 FTP-Flask-python 5173b68及之前版本存在安全漏洞，该漏洞源于ftp_file参数未清理和转义，可能导致远程命令执行。

Description (English)

FTP-Flask-python is a Python library of Ajay Pandurang Paratmandali’s personal developer. FTP-Flask-python 5173b68 and previous versions have a security loophole, which stems from the uncleaned and transposed ftp file parameters and may lead to remote command execution.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-09

Last Modified

2026-02-24

References

https://gist.github.com/Spendroslav/1c0c6a6556992291b19c3178e3cb5885 https://github.com/ajaypp123/FTP-Flask-python/blob/5173b6828244ff9729fa29cc144d74ccbea30a73/ftp_app.py https://access.redhat.com/security/cve/cve-2025-57633

Patch

https://pypi.org/project/Flask/#files