CVE-2026-44240
- EPSS 0.47%
- Veröffentlicht 12.05.2026 20:37:43
- Zuletzt bearbeitet 14.05.2026 13:16:19
basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response d...
CVE-2026-41324
- EPSS 0.33%
- Veröffentlicht 24.04.2026 03:28:48
- Zuletzt bearbeitet 27.04.2026 17:48:44
basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely ...
CVE-2026-39983
- EPSS 1.95%
- Veröffentlicht 09.04.2026 18:17:02
- Zuletzt bearbeitet 14.04.2026 20:07:51
basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), and ...
CVE-2026-27699
- EPSS 0.53%
- Veröffentlicht 25.02.2026 14:58:56
- Zuletzt bearbeitet 26.02.2026 15:27:45
The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filenames containing path traversal se...