PatchSiren

patrickjuchli CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH patrickjuchli CVE published 2026-04-09

CVE-2026-39983

The basic-ftp library for Node.js is vulnerable to FTP command injection in versions prior to 5.2.1. The library's protectWhitespace() helper does not properly handle CRLF sequences in file path parameters, so one intended FTP command can be split into multiple commands. An attacker can exploit this vulnerability by providing specially crafted path strings, potentially [truncated]