This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ricexdream
Recipients ricexdream
Date 2021-02-21.11:49:34
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Last year, curl had a security update for CVE-2020-8284. more info, see

The problem is ftp client trust the host from PASV response by default, A malicious server can trick ftp client into connecting
back to a given IP address and port. This may make ftp client scan ports and extract service banner from private newwork.

After test and read ftplib module(, I found ftplib has the same problem.
Date User Action Args
2021-02-21 11:49:34ricexdreamsetrecipients: + ricexdream
2021-02-21 11:49:34ricexdreamsetmessageid: <>
2021-02-21 11:49:34ricexdreamlinkissue43285 messages
2021-02-21 11:49:34ricexdreamcreate