GHSA-R4M5-47CQ-6QG8
Vulnerability from github – Published: 2020-09-04 17:25 – Updated: 2024-01-08 21:29
VLAI?
Summary
Server-Side Request Forgery in ftp-srv
Details
All versions of ftp-srv from v1.0.0 onward to v4.3.3 are vulnerable to Server-Side Request Forgery (SSRF). The package fails to prevent remote clients to access other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network resources available to the server, including private resources in the hosting environment.
Recommendation
Upgrade to patched versions
^2.19.6, ^3.1.2, ^4.3.4
Workarounds
Blacklisting the FTP Command PORT will prevent the server from exposing this behaviour through active connections until a fix is applied.
const ftp = new FtpSrv({
blacklist: ['PORT']
});
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "ftp-srv"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "2.19.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "ftp-srv"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "ftp-srv"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.3.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:59:34Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "All versions of `ftp-srv` from v1.0.0 onward to v4.3.3 are vulnerable to Server-Side Request Forgery (SSRF). The package fails to prevent remote clients to access other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network resources available to the server, including private resources in the hosting environment.\n\n\n## Recommendation\n\nUpgrade to patched versions\n`^2.19.6, ^3.1.2, ^4.3.4`\n\n## Workarounds\nBlacklisting the FTP Command PORT will prevent the server from exposing this behaviour through active connections until a fix is applied.\n\n```\nconst ftp = new FtpSrv({\n blacklist: [\u0027PORT\u0027]\n});\n```",
"id": "GHSA-r4m5-47cq-6qg8",
"modified": "2024-01-08T21:29:30Z",
"published": "2020-09-04T17:25:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/QuorumDMS/ftp-srv/security/advisories/GHSA-jw37-5gqr-cf9j"
},
{
"type": "PACKAGE",
"url": "https://github.com/QuorumDMS/ftp-srv"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1445"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Server-Side Request Forgery in ftp-srv"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…