
Spendroslav

Rank: #16135 of 53,624
Total CVSS: 16.7
Vulnerabilities: 2 (Critical 1, Medium 1)
PT-2025-37434 · CVSS 6.9 (Medium) · 2025-09-14
Npm · Express-Xss-Sanitizer · CVE-2025-59364
Name of the Vulnerable Software and Affected Versions: express-xss-sanitizer versions through 2.0.0
Description: The `sanitize` function in `lib/sanitize.js` walks a JSON request body recursively with no bound on nesting depth. A client can therefore send a body nested deeply enough to exhaust the call stack, which crashes the process running the middleware (denial of service).
Recommendations: Update to a version of express-xss-sanitizer later than 2.0.0. Capping the accepted JSON body size (for example with the body parser's `limit` option) reduces how deep a body can be nested, but is a mitigation, not a substitute for the fix.
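The failure mode above, as an added illustration that is not express-xss-sanitizer's code: a Python stand-in for a recursive body sanitizer, first with the unbounded walk and then with a depth check that turns the same payload into a clean rejection instead of a crash. The helper names, the `MAX_DEPTH` value and the constructed payload are assumptions of this example.

```python
"""
Added illustration of the bug class behind CVE-2025-59364: a sanitizer that
recurses over an attacker-controlled JSON body with no depth bound. This is a
Python stand-in, not express-xss-sanitizer's code; naive_sanitize,
bounded_sanitize, MAX_DEPTH and the payload below are hypothetical.
"""
import html
import sys

MAX_DEPTH = 64  # assumption: a generous bound; real request bodies are far shallower


def naive_sanitize(value):
    """Recursive walk with no depth bound: one stack frame per nesting level."""
    if isinstance(value, dict):
        return {k: naive_sanitize(v) for k, v in value.items()}
    if isinstance(value, list):
        return [naive_sanitize(v) for v in value]
    if isinstance(value, str):
        return html.escape(value)
    return value


class BodyTooDeep(ValueError):
    """Raised so the caller can answer 400 instead of losing the process."""


def bounded_sanitize(value, max_depth=MAX_DEPTH, _depth=0):
    """Same walk, but refuses bodies nested deeper than max_depth levels."""
    if _depth > max_depth:
        raise BodyTooDeep(f"JSON body nested deeper than {max_depth} levels")
    if isinstance(value, dict):
        return {k: bounded_sanitize(v, max_depth, _depth + 1) for k, v in value.items()}
    if isinstance(value, list):
        return [bounded_sanitize(v, max_depth, _depth + 1) for v in value]
    if isinstance(value, str):
        return html.escape(value)
    return value


def nested_body(depth):
    """Constructed attacker payload: {"a": {"a": {... depth levels ...}}}.

    Built programmatically (not via json.loads) so the depth is under our control.
    """
    body = "<script>alert(1)</script>"
    for _ in range(depth):
        body = {"a": body}
    return body


def deep_payload():
    """A body several times deeper than the interpreter's recursion limit."""
    return nested_body(sys.getrecursionlimit() * 5)


def outcome(sanitizer, body):
    """Return 'ok', 'rejected' (clean 400) or 'crashed' (stack exhausted)."""
    try:
        sanitizer(body)
        return "ok"
    except BodyTooDeep:
        return "rejected"
    except RecursionError:
        return "crashed"


if __name__ == "__main__":
    print("naive   on deep body :", outcome(naive_sanitize, deep_payload()))
    print("bounded on deep body :", outcome(bounded_sanitize, deep_payload()))
    print("bounded on small body:", outcome(bounded_sanitize, nested_body(3)))
    print(bounded_sanitize(nested_body(2)))
```

In a middleware, the `BodyTooDeep` case maps to a 400 response for that one request; the unbounded walk instead takes down the worker for every client.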
PT-2025-36965 · CVSS 9.8 (Critical) · 2025-09-09
Unknown · Ftp-Flask-Python · CVE-2025-57633
Name of the Vulnerable Software and Affected Versions: FTP-Flask-python versions through 5173b68
Description: A command injection issue exists in FTP-Flask-python. The "Upload File" action of the `/ftp.html` endpoint builds a shell command from the `ftp file` parameter and runs it with `os.system()` without sanitizing or escaping the value, so an unauthenticated remote attacker can append shell metacharacters to the parameter and execute arbitrary OS commands on the server.
Recommendations: No fixed version was known at the time of writing. Until one is available, do not expose the application to untrusted networks. A fix would need to stop handing the parameter to a shell, for example by validating the file name and running the command through `subprocess.run` with an argument list instead of `os.system()`.
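The injection pattern and its fix, as an added example rather than FTP-Flask-python's own handler: a Python stand-in that builds the same kind of `os.system()` string from an attacker-controlled file name, shows how `/bin/sh` would tokenize it, and then the hardened form that validates the name and passes an argument vector to `subprocess.run` with no shell. The `ls -l` command, `UPLOAD_DIR` and the helper names are hypothetical; the real application's command and parameter are not reproduced here.

```python
"""
Added example for the bug class in CVE-2025-57633: a shell command built from an
HTTP parameter and run through os.system(). Not FTP-Flask-python's code; the
`ls -l` command, UPLOAD_DIR and all helper names are hypothetical stand-ins.
"""
import os
import shlex
import subprocess

UPLOAD_DIR = "/tmp/uploads"  # assumption: where uploaded files would live


def vulnerable_command(filename: str) -> str:
    """The string os.system() would hand to /bin/sh. Metacharacters in
    `filename` become part of the command, not part of the file name."""
    return f"ls -l {UPLOAD_DIR}/{filename}"


def vulnerable_upload(filename: str) -> int:
    # The vulnerable pattern: shell interprets whatever the client sent.
    return os.system(vulnerable_command(filename))


def shell_words(filename: str) -> list:
    """Demo helper: tokenize the vulnerable command the way a POSIX shell would,
    so the injected command shows up as its own word."""
    lexer = shlex.shlex(vulnerable_command(filename), posix=True, punctuation_chars=True)
    return list(lexer)


def safe_filename(filename: str) -> str:
    """Accept only a bare file name: no path separators, no '.'/'..', no NUL."""
    name = os.path.basename(filename)
    if name != filename or name in ("", ".", "..") or "\x00" in name:
        raise ValueError(f"invalid file name: {filename!r}")
    return name


def is_valid_filename(filename: str) -> bool:
    try:
        safe_filename(filename)
        return True
    except ValueError:
        return False


def safe_list(filename: str) -> list:
    """Argument vector for subprocess.run: each element is one argv entry and
    no shell ever parses it, so ';', '|', '$(...)' are inert characters."""
    return ["ls", "-l", f"{UPLOAD_DIR}/{safe_filename(filename)}"]


def hardened_upload(filename: str) -> subprocess.CompletedProcess:
    # shell=False is the default; the list form never reaches /bin/sh.
    return subprocess.run(safe_list(filename), capture_output=True, text=True, check=False)


if __name__ == "__main__":
    payload = "report.txt; id"  # constructed attacker value for the file-name parameter
    print("shell sees :", shell_words(payload))   # 'id' is a separate command
    print("argv sees  :", safe_list(payload))     # the whole value is one path
    print("traversal ok?", is_valid_filename("../../etc/passwd"))
    print("hardened stdout:", repr(hardened_upload(payload).stdout))
    # vulnerable_upload(payload) would run `id` on the server; left uncalled here.
```

`safe_filename` is validation, not escaping: the actual fix is the absence of a shell. `shlex.quote` would also neutralize this particular payload, but an argv list removes the interpreter that makes quoting necessary, which is why the hardened form does not rely on it.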