Server-side Request Forgery (SSRF) Affecting ftp-srv package, versions >=4.0.0 <4.3.4, >=3.1.0 <3.1.2, <2.19.6


Snyk CVSS severity: high

Attack Complexity: Low

  • Snyk ID SNYK-JS-FTPSRV-597159
  • published 2 Aug 2020
  • disclosed 20 May 2020
  • credit Vincent

Introduced: 20 May 2020

CVE: not available. CWE: CWE-918

How to fix?

Upgrade ftp-srv to version 4.3.4, 3.1.2, 2.19.6 or higher.
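To find out which installed copies need that upgrade, the following added example (not Snyk's or ftp-srv's own code) checks every resolved ftp-srv version in a parsed `package-lock.json` against the affected ranges listed in this advisory. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example; affected ranges and fixed releases are copied from this advisory.
const AFFECTED = [
  { min: '4.0.0', fixed: '4.3.4' },  // >=4.0.0 <4.3.4
  { min: '3.1.0', fixed: '3.1.2' },  // >=3.1.0 <3.1.2
  { min: '0.0.0', fixed: '2.19.6' }, // <2.19.6
];

// "1.2.3" or "v1.2.3-rc.1" -> { core: [1, 2, 3], pre: false|true }
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version).trim());
  if (!m) throw new Error(`not an exact version: ${version}`);
  return { core: m.slice(1, 4).map(Number), pre: Boolean(m[4]) };
}

// Semver order on the core triple; a prerelease sorts before its release.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  const i = x.core.findIndex((n, k) => n !== y.core[k]);
  if (i !== -1) return x.core[i] < y.core[i] ? -1 : 1;
  return x.pre === y.pre ? 0 : (x.pre ? -1 : 1);
}

// Fixed release to upgrade to, or null when outside every affected range.
function fixFor(version) {
  const hit = AFFECTED.find(r => compare(version, r.min) >= 0 && compare(version, r.fixed) < 0);
  return hit ? hit.fixed : null;
}

// Report affected ftp-srv copies in a parsed package-lock.json (v1, v2 or v3 layout).
function auditLock(lock) {
  const findings = [];
  const check = (path, version) => {
    const fixed = version ? fixFor(version) : null; // link entries carry no version
    if (fixed) findings.push({ path, version, fixed });
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/ftp-srv$/.test(path)) check(path, meta.version);
  }
  const walk = (deps, trail) => Object.entries(deps || {}).forEach(([name, meta]) => {
    if (name === 'ftp-srv') check(trail + name, meta.version);
    walk(meta.dependencies, `${trail}${name} > `);
  });
  if (!lock.packages) walk(lock.dependencies, '');
  return findings;
}

// Constructed sample lockfile, not from a real project.
console.log(auditLock({ packages: { 'node_modules/ftp-srv': { version: '4.2.0' } } }));
```

A prerelease of a fixed version (for example a release candidate) is reported as affected, and a non-numeric version string such as a git URL raises an error so it can be reviewed by hand.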

Overview

ftp-srv is a modern, extensible FTP server.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). The package fails to prevent remote clients from accessing other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network resources available to the server, including private resources in the hosting environment.