Amazon Linux 2 : lftp (ALAS-2020-1453)
The version of lftp installed on the remote host is prior to 4.4.8-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1453 advisory. It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of...