2 matches found
@pheasantplucker/ftp (=1.0.0), @zpmc/zwd-server (>=0.0.14 <=0.0.21) +4 more potentially affected by CVE-2020-26299 via ftp-srv (>=2.19.6 <=4.1.0)
ftp-srv NPM version =2.19.6, =0.0.14, =0.0.1, =3.0.0, =3.0.7 Source cves: CVE-2020-26299 Source advisory: OSV:GHSA-PMW4-JGXX-PCQ9...
CVE-2020-26299
Summary: CVE-2020-26299 affects the ftp-srv npm package (FTP server) prior to 4.4.0. The root cause is how Windows path separators () interact with path.resolve, leaving an upper pointer intact and allowing a user to move beyond the defined FTP root via commands like CWD/UPDR. Impact: potential p...