Ruby: lib/net/ftp.rb: trusting PASV responses allow client abuse

When net/ftp performs a passive FTP transfer, it tries to using PASV. Passive mode is what net/ftp uses by default. A server response to a PASV command includes the IPv4 address and port number for the client to connect back to in order to perform the actual data transfer. This is how the FTP...