ftp-srv

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting ftp-srvpage 1 of 1

CVE-2020-15152CRITICALCVSS 9.1EG 9.1✓ Fixed in 4.3.4
2020-08-17
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitr…
CVE-2020-26299MEDIUMCVSS 6.3EG 6.3✓ Fixed in 4.4.0
2021-02-10
ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP us…

Check whether ftp-srv is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ftp-srv CVEs against the assets you own.

Start Free Scan →