Veracode Vulnerability Database: VERACODE:38345
History: Dec 06, 2022 - 1:50 a.m.

Information Disclosure

sca.analysiscenter.veracode.com
Tags: commons-net, vulnerability, ftpclient.java, information disclosure, pasv response, malicious host urls

EPSS: 0.003 (percentile: 65.4%)

commons-net is vulnerable to information disclosure. The vulnerability exists because the _parsePassiveModeReply function of FTPClient.java trusts the host in the PASV response by default, allowing an attacker to gain sensitive information by redirecting the client to malicious host URLs.