Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/08 8:2 p.m.7 views

CRLF Injection

Overview basic-ftp is a FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript. Affected versions of this package are vulnerable to CRLF Injection via unsanitized path parameters in the protectWhitespace function. An attacker can execute arbitrary FTP commands by...

9.8CVSS6.3AI score0.02185EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/08 8:2 p.m.60 views

basic-ftp has FTP Command Injection via CRLF

Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...

8.6CVSS6.2AI score0.02185EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/08 8:2 p.m.2 views

GHSA-CHQC-8P9Q-PQ6Q basic-ftp has FTP Command Injection via CRLF

Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...

8.6CVSS6.1AI score0.02185EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31666

Name of the Vulnerable Software and Affected Versions: basic-ftp versions 5.2.0 Description: basic-ftp is an FTP client for Node.js. Versions prior to 5.2.1 are susceptible to FTP command injection due to improper handling of CRLF sequences r within file path parameters used in high-level path AP...

9CVSS5.3AI score0.02185EPSS
Exploits1References15
Rows per page
Query Builder