Ztrix

**Name of the Vulnerable Software and Affected Versions** LightFTP versions 1.0 through 2.2 LightFTP version 2.2 **Description** A race condition in the software allows an attacker to achieve path traversal via a malformed FTP request. This occurs because a handler thread can use an overwritten `context->FileName`. **Recommendations** For LightFTP versions 1.0 through 2.2, update to a version that fixes the race condition issue. For LightFTP version 2.2, update to a version that fixes the race condition issue. As a temporary workaround, consider restricting access to the FTP service until a patch is available.