VYPR

npm package

basic-ftp

pkg:npm/basic-ftp

Vulnerabilities (4)

  • CVE-2026-44240HigMay 12, 2026
    affected < 5.3.1fixed 5.3.1

    basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner p

  • CVE-2026-41324HigApr 24, 2026
    affected < 5.3.0fixed 5.3.0

    basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing

  • CVE-2026-39983HigApr 9, 2026
    affected >= 5.2.0, < 5.2.1fixed 5.2.1

    basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), and removeDir(). The library's pro

  • CVE-2026-27699Feb 25, 2026
    affected < 5.2.0fixed 5.2.0

    The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (`../`) that cause fil