4 matches found
CVE-2026-39983 FTP Command Injection via CRLF in basic-ftp
basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...
jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path
An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePathrenameTo and FilePathmoveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the...
jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path
An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePathrenameTo and FilePathmoveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the...
jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path
An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePathrenameTo and FilePathmoveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the...