0.001 Low
EPSS
Percentile
37.1%
ftpd before βNetBSD-ftpd 20230930β can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95
mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html