53 matches found
PT-2026-31666
Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences r in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...
Security Bulletin: IBM App Connect Enterprise Certified Container flows that use the Box or Databricks connectors are vulnerable to loss of confidentiality (CVE-2026-27699)
Summary Node.js module basic-ftp is used by IBM App Connect Enterprise Certified Container in the connectors for Box and Databricks. IBM App Connect Enterprise Certified Container IntergationRuntime and IntegrationServer operands that run flows containing Box or Databricks connectors are vulnerab...
Linux Distros Unpatched Vulnerability : CVE-2026-27699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious...
EUVD-2026-8643
Basic FTP has Path Traversal Vulnerability in its downloadToDir method...
@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +184 more potentially affected by CVE-2026-27699 via basic-ftp (>=2.16.0 <=5.1.0)
basic-ftp NPM version =2.16.0, =0.2.6, =0.2.0, =0.7.0, =0.3.0, =3.0.0, =1.0.0, =1.1.0, =2.0.0, =1.0.0, =1.1.0, =1.0.0, =1.5.1 - @digitranslab/piece-sftp =0.2.6 and more Source cves: CVE-2026-27699 Source advisory: OSV:GHSA-5RQ4-664W-9X2C...
CVE-2026-27699
The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...
DEBIAN-CVE-2026-27699
The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...
CVE-2026-27699
The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...
UBUNTU-CVE-2026-27699
The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...
CVE-2026-27699
The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...
CVE-2026-27699
The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...
CVE-2026-27699 Basic FTP has Path Traversal Vulnerability in its downloadToDir() method
The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...
PT-2026-21918
Name of the Vulnerable Software and Affected Versions basic-ftp versions prior to 5.2.0 Description The basic-ftp FTP client library for Node.js contains a path traversal vulnerability in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path...