Server-side Request Forgery (SSRF) in ftp-srv

Do your applications use this vulnerable package? Test your applications

Overview

ftp-srv is a Modern, extensible FTP Server

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). It fails to prevent remote clients to access other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network resources available to the server, including private resources in the hosting environment.

Remediation

There is no fixed version for ftp-srv.

References

NPM Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

Low
Integrity

Low
Availability

Low

Credit: Vincent
CWE: CWE-918
Snyk ID: SNYK-JS-FTPSRV-597159
Disclosed: 20 May, 2020
Published: 02 Aug, 2020

Server-side Request Forgery (SSRF)
Affecting ftp-srv package, ALL versions

Overview

Remediation

References

CVSS Score

Server-side Request Forgery (SSRF) Affecting ftp-srv package, ALL versions

Overview

Remediation

References

Server-side Request Forgery (SSRF)
Affecting ftp-srv package, ALL versions