Server-side Request Forgery (SSRF) Affecting ftp-srv package, versions >=4.0.0 <4.3.4, >=3.1.0 <3.1.2, <2.19.6
- Snyk ID SNYK-JS-FTPSRV-597159
- published 2 Aug 2020
- disclosed 20 May 2020
- credit Vincent
How to fix?
Upgrade ftp-srv to version 4.3.4, 3.1.2, 2.19.6 or higher.
Overview
ftp-srv is a modern, extensible FTP server.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). The server fails to prevent remote clients from accessing other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network resources available to the server, including private resources in the hosting environment.
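To check whether a project resolves to an affected release, the following added example (not Snyk's or the ftp-srv project's code) compares every ftp-srv entry in a package-lock.json against the ranges listed in this advisory. It assumes lockfileVersion 2 or 3; the sample lockfile and the package names `demo-app`, `legacy-sync` and `ftp-srv-helper` are constructed.

```javascript
// Added example: flag ftp-srv versions inside this advisory's affected ranges.
const AFFECTED = [
  { min: '4.0.0', max: '4.3.4' },  // >=4.0.0 <4.3.4
  { min: '3.1.0', max: '3.1.2' },  // >=3.1.0 <3.1.2
  { min: null,    max: '2.19.6' }, // <2.19.6
];

// Split "1.2.3-rc.1" into its numeric core and a pre-release flag.
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version).trim());
  if (!m) throw new Error(`not a semver version: ${version}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Returns <0, 0 or >0. A pre-release sorts before its release (4.3.4-rc.1 < 4.3.4).
function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] - y.core[i];
  }
  return Number(y.pre) - Number(x.pre);
}

function isAffected(version) {
  return AFFECTED.some(r =>
    (r.min === null || compare(version, r.min) >= 0) && compare(version, r.max) < 0);
}

// Walk the "packages" map of a lockfile and report every installed ftp-srv copy,
// including copies nested under another dependency.
function findFtpSrv(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/ftp-srv' || path.endsWith('/node_modules/ftp-srv')) {
      hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
    }
  }
  return hits;
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/ftp-srv': { version: '4.3.4' },
    'node_modules/legacy-sync/node_modules/ftp-srv': { version: '3.1.1' },
    'node_modules/ftp-srv-helper': { version: '2.0.0' }, // different package, must not match
  },
};
console.log(findFtpSrv(sampleLock));
```

The nested copy under `legacy-sync` is the case a top-level `npm ls` glance tends to miss: the direct dependency is already on 4.3.4 while a transitive one still resolves to 3.1.1.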
CVSS Scores
version 3.1