Patrickjuchli Basic-ftp
4 CVEs affecting Patrickjuchli Basic-ftp. Latest disclosed: 2026-05-12. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-27699 | Critical | 9.1 | 2026-02-25 | The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A m… |
CVE-2026-39983 | High | 8.6 | 2026-04-09 | basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high… |
CVE-2026-44240 | High | 7.5 | 2026-05-12 | basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline res… |
CVE-2026-41324 | High | 7.5 | 2026-04-24 | basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory… |