ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv prior to 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version2 2.19.6, 3.1.2, and 4.3.4. More information can be found on the linked advisory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ftp-srv project ftp-srv |