Lucene search
VincentNODEJS:1445HistoryDec 23, 2019 - 9:25 p.m.
Server-Side Request Forgery
2019-12-2321:25:23
Vincent
www.npmjs.com
11
EPSS
0.003
Percentile
70.7%
Overview
Versions of ftp-srv prior to versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery (SSRF). The package fails to prevent remote clients to access other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network resources available to the server, including private resources in the hosting environment.
Recommendation
Upgrade to version 2.19.6, 3.1.3, or 4.3.4 or later.
References
Related
cve
cve
CVE-2020-15152
2020-08-17 22:15:12
prion
prion
Server side request forgery (ssrf)
2020-08-17 22:15:00
osv
osv
CVE-2020-15152
2020-08-17 22:15:12
Server-Side Request Forgery in ftp-srv
2020-08-17 21:44:54
nvd
nvd
CVE-2020-15152
2020-08-17 22:15:12
github
github
Server-Side Request Forgery in ftp-srv
2020-08-17 21:44:54
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Ftp-Srv Project Ftp-Srv
2020-12-01 09:45:48
veracode
veracode
Server-Side Request Forgery (SSRF)
2020-08-18 03:19:19
cvelist
cvelist
CVE-2020-15152 Server-Side Request Forgery in ftp-srv
2020-08-17 21:55:13