Ftpsrv · Ftp-Srv · CVE-2020-26299
Name of the Vulnerable Software and Affected Versions:
ftp-srv versions prior to 4.4.0
Description:
The issue is a path-traversal vulnerability in ftp-srv, an open-source FTP server. Clients of FTP servers built on ftp-srv and hosted on Windows machines can escape the FTP user's configured root folder using ordinary FTP commands, such as `CWD` and `UPDR`. This occurs when Windows separators (`\`) exist within the client-supplied path: `path.resolve` leaves the upper pointers (`..` segments) intact, allowing the user to move beyond the root folder defined for that user.
Recommendations:
For versions prior to 4.4.0, update to version 4.4.0 or later to resolve the issue. As a temporary workaround, consider hosting the server on a different OS; there is no workaround for servers hosted on Windows.