Server-side Request Forgery (SSRF)

Affecting ftp-srv package, ALL versions

Overview

ftp-srv is a modern, extensible FTP server.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). The package fails to prevent remote clients from accessing other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network resources available to the server, including private resources in the hosting environment.

Remediation

There is no fixed version for ftp-srv.

CVSS Score

7.3 (high severity)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Credit: Vincent
CWE: CWE-918
Snyk ID: SNYK-JS-FTPSRV-597159
Disclosed: 20 May, 2020
Published: 02 Aug, 2020