VYPR

ftp-srv

by autovance

npm: ftp-srv

Source repositories

CVEs (2)

  • CVE-2020-15152CriAug 17, 2020
    risk 0.52cvss 9.1epss 0.02

    ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the…

  • CVE-2020-26299MedFeb 10, 2021
    risk 0.34cvss 6.3epss 0.02

    ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the…