Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
PatrickjuchliBasic-ftp*

3 matches found

CVE
CVEadded 2026/02/25 2:58 p.m.27 views

CVE-2026-27699

The CVE affects the Node.js FTP client library basic-ftp prior to version 5.2.0, where the downloadToDir() method is vulnerable to a path traversal (CWE-22). A malicious FTP server can emit directory listings containing filenames with traversal sequences ("../"), causing files to be written outsi...

9.8CVSS5.4AI score0.00152EPSS
Web
CVE
CVEadded 2026/04/24 3:28 a.m.21 views

CVE-2026-41324

CVE-2026-41324 affects the Node.js FTP client library basic-ftp . Versions prior to 5.3.0 are vulnerable to a denial-of-service caused by unbounded memory growth when processing directory listings from a remote FTP server. A malicious server can send an extremely large or never-ending listing to ...

7.5CVSS5.8AI score0.00081EPSS
CVE
CVEadded 2026/04/09 5:5 p.m.12 views

CVE-2026-39983

Summary: CVE-2026-39983 affects the Node.js FTP client package basic-ftp prior to v5.2.1. The vulnerability arises from FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level APIs (cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), removeDir()). Th...

8.6CVSS5.9AI score0.02042EPSS