Lucene search
Veracode Vulnerability DatabaseVERACODE:29348HistoryFeb 11, 2021 - 3:12 a.m.
Directory Traversal
2021-02-1103:12:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.003 Low
EPSS
Percentile
71.5%
ftp-srv is vulnerable to directory traversal. The vulnerability exists as it does not perform checks on the relative path to see if it resolves to a path outside of the application root directory.
References
github.com/autovance/ftp-srv/commit/457b859450a37cba10ff3c431eb4aa67771122e3
github.com/autovance/ftp-srv/issues/167
github.com/autovance/ftp-srv/issues/225
github.com/autovance/ftp-srv/pull/224
github.com/autovance/ftp-srv/security/advisories/GHSA-pmw4-jgxx-pcq9
www.npmjs.com/advisories/1624
www.npmjs.com/package/ftp-srv
Related
cve
cve
CVE-2020-26299
2021-02-10 18:15:12
nvd
nvd
CVE-2020-26299
2021-02-10 18:15:12
cvelist
cvelist
CVE-2020-26299 File System Bounds Escape
2021-02-10 18:10:19
github
github
File System Bounds Escape
2021-02-10 18:11:34
redhatcve
redhatcve
CVE-2020-26299
2021-02-10 21:46:05
osv
osv
File System Bounds Escape
2021-02-10 18:11:34
CVE-2020-26299
2021-02-10 18:15:12
prion
prion
Path traversal
2021-02-10 18:15:00
nodejs
nodejs
Directory Traversal
2021-02-24 02:58:05