2 matches found
ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from...
Ruby Net::FTP Command Injection Vulnerability
Ruby is a Japanese software developer Yukihiro Matsumoto developed a cross-platform , object-oriented dynamically typed programming language . Net::FTP is one of the FTP client implementation . A command injection vulnerability exists in Net::FTP in Ruby versions prior to 2.4.3. An attacker can...