4 matches found
CRLF Injection
Overview basic-ftp is a FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript. Affected versions of this package are vulnerable to CRLF Injection via unsanitized path parameters in the protectWhitespace function. An attacker can execute arbitrary FTP commands by...
basic-ftp has FTP Command Injection via CRLF
Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...
GHSA-CHQC-8P9Q-PQ6Q basic-ftp has FTP Command Injection via CRLF
Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...
PT-2026-31666
Name of the Vulnerable Software and Affected Versions: basic-ftp versions 5.2.0 Description: basic-ftp is an FTP client for Node.js. Versions prior to 5.2.1 are susceptible to FTP command injection due to improper handling of CRLF sequences r within file path parameters used in high-level path AP...