HIGH
patrickjuchli
CVE published 2026-04-09
CVE-2026-39983
The basic-ftp library for Node.js, prior to version 5.2.1, is vulnerable to FTP command injection attacks. This is due to the library's protectWhitespace() helper not properly handling CRLF sequences in file path parameters, which can lead to the splitting of one intended FTP command into multiple commands. An attacker can exploit this vulnerability by providing specially crafted path strings, potentially [truncated]