CVE-2021-32061: 
Python vulnerability analysis and mitigation

S3Scanner before version 2.0.2 contains a path traversal vulnerability (CVE-2021-32061) that allows attackers to write files outside of the intended directory via a crafted bucket. The vulnerability was discovered when special characters in object keys, specifically '../' substrings in ListBucketResult elements, could be manipulated to save files outside of the designated dump directory (GitHub Issue, RyotaK Advisory).

The vulnerability occurs during the bucket dumping process when S3Scanner concatenates the dump directory path with object keys from AWS S3 buckets. If an object key contains path traversal sequences (e.g., '../'), the resulting file could be written to any location on the user's system. While AWS S3 allows such characters in object keys, there are limitations on uploading objects with '../' prefixes through standard interfaces (GitHub Issue).

An attacker who controls an S3 bucket's contents could craft object keys with path traversal sequences that, when downloaded by S3Scanner, would write files to arbitrary locations on the user's system. However, the real-world impact is considered relatively low due to the difficulty in creating such malicious buckets and the requirement for specifically targeting S3Scanner users (GitHub Issue).

The vulnerability has been fixed in version 2.0.2 of S3Scanner. The fix prevents downloading files with keys that would result in writing outside the specified dump directory. Users are advised to update to version 2.0.2 or later. When attempting to download potentially malicious files, the application now displays a warning message and skips the download (GitHub Release, RyotaK Advisory).