13 matches found
CVE-2020-15152
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. ftp-srv versions before 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
Directory Traversal
ftp-srv is vulnerable to directory traversal. The vulnerability exists as it does not perform checks on the relative path to see if it resolves to a path outside of the application root directory...
CVE-2020-26299
ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands,...
@pheasantplucker/ftp (=1.0.0), @zpmc/zwd-server (>=0.0.14 <=0.0.21) +4 more potentially affected by CVE-2020-26299 via ftp-srv (>=2.19.6 <=4.1.0)
ftp-srv NPM version =2.19.6, =0.0.14, =0.0.1, =3.0.0, =3.0.7 Source cves: CVE-2020-26299 Source advisory: OSV:GHSA-PMW4-JGXX-PCQ9...
CVE-2020-26299
Summary: CVE-2020-26299 affects the ftp-srv npm package (FTP server) prior to 4.4.0. The root cause is how Windows path separators (\) interact with path.resolve, leaving an upper pointer intact and allowing a user to move beyond the defined FTP root via commands like CWD/UPDR. Impact: potential p...
ftp-srv Path Traversal Vulnerability
Connor Skees ftp-srv is an open source application from Connor Skees. It provides a modern and scalable FTP server designed to be simple but configurable. A path traversal vulnerability exists in ftp-srv, which arises from a failure of a network system or product to properly filter special elements ...
GHSA-R4M5-47CQ-6QG8 Server-Side Request Forgery in ftp-srv
All versions of ftp-srv from v1.0.0 onward to v4.3.3 are vulnerable to Server-Side Request Forgery (SSRF). The package fails to prevent remote clients from accessing other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network...
Server-Side Request Forgery in ftp-srv
All versions of ftp-srv from v1.0.0 onward to v4.3.3 are vulnerable to Server-Side Request Forgery (SSRF). The package fails to prevent remote clients from accessing other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network...
CVE-2020-15152
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. ftp-srv versions before 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
CVE-2020-15152
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. ftp-srv versions before 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
CVE-2020-15152 Server-Side Request Forgery in ftp-srv
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. ftp-srv versions before 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
CVE-2020-15152
CVE-2020-15152 affects the ftp-srv npm package. It allows Server-Side Request Forgery via the PORT command, enabling the server to connect to arbitrary IPs. Affected versions are before 2.19.6, 3.1.2, and 4.3.4. Remediation: upgrade to 2.19.6, 3.1.2, 4.3.4 or later. A workaround noted in advisori...
@zpmc/zwd-server (>=0.0.14 <=0.0.21) potentially affected by CVE-2020-15152 via ftp-srv (=4.1.0)
ftp-srv NPM version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on ftp-srv and may be impacted: - @zpmc/zwd-server =0.0.14, =0.0.21 Source cves: CVE-2020-15152 Source advisory: OSV:GHSA-JW37-5GQR-CF9J...