Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-Side Request Forgery in ftp-srv
Vulnerability Description
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version2 2.19.6, 3.1.2, and 4.3.4. More information can be found on the linked advisory.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
ftp-srv 代码问题漏洞
Vulnerability Description
ftp-srv 1.0.0版本至4.3.3版本中存在代码问题漏洞。攻击者可利用该漏洞将服务器连接到任意的IP地址。
CVSS Information
N/A
Vulnerability Type
N/A