Name of the Vulnerable Software and Affected Versions ftp-srv versions 1.0.0 through 4.3.3

Description The issue allows remote clients to access other resources in the network, for example, when connecting to the server through telnet. This enables attackers to access any network resources available to the server, including private resources in the hosting environment.

Recommendations Upgrade to version ^2.19.6 or later Upgrade to version ^3.1.2 or later Upgrade to version ^4.3.4 or later As a temporary workaround, consider blacklisting the FTP Command PORT to prevent the server from exposing this behavior through active connections until a fix is applied. This can be achieved by configuring the ftp-srv instance with a blacklist, for example: const ftp = new FtpSrv({ blacklist: ['PORT'] });