{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T04:08:22.670","vulnerabilities":[{"cve":{"id":"CVE-2020-15152","sourceIdentifier":"security-advisories@github.com","published":"2020-08-17T22:15:12.627","lastModified":"2024-11-21T05:04:57.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version2 2.19.6, 3.1.2, and 4.3.4. More information can be found on the linked advisory."},{"lang":"es","value":"ftp-srv es un paquete npm que es un moderno y extensible servidor FTP diseñado para ser simple pero configurable. En ftp-srv antes de las versiones 2.19.6, 3.1.2, y 4.3.4 son vulnerables a la falsificación de solicitudes del lado del servidor. El comando PORT permite IPs arbitrarias que pueden ser usadas para hacer que el servidor haga una conexión en otro lugar. Una posible solución es bloquear el PUERTO a través de la configuración. Este problema está solucionado en las versiones 2.19.6, 3.1.2 y 4.3.4. Puede encontrar más información en el aviso vinculado"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ftp-srv_project:ftp-srv:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.19.6","matchCriteriaId":"F5D90734-6B6E-4C5F-B0D5-9B4C4FAA8648"},{"vulnerable":true,"criteria":"cpe:2.3:a:ftp-srv_project:ftp-srv:*:*:*:*:*:node.js:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.2","matchCriteriaId":"4A020A63-F973-4E4C-9CF2-2B8F79234570"},{"vulnerable":true,"criteria":"cpe:2.3:a:ftp-srv_project:ftp-srv:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.3.4","matchCriteriaId":"B1A73879-F682-4506-91E9-E0957E37C4EE"}]}]}],"references":[{"url":"https://github.com/autovance/ftp-srv/commit/e449e75219d918c400dec65b4b0759f60476abca","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/autovance/ftp-srv/security/advisories/GHSA-jw37-5gqr-cf9j","source":"security-advisories@github.com","tags":["Mitigation","Patch","Third Party Advisory"]},{"url":"https://www.npmjs.com/package/ftp-srv","source":"security-advisories@github.com","tags":["Product","Third Party Advisory"]},{"url":"https://github.com/autovance/ftp-srv/commit/e449e75219d918c400dec65b4b0759f60476abca","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/autovance/ftp-srv/security/advisories/GHSA-jw37-5gqr-cf9j","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Third Party Advisory"]},{"url":"https://www.npmjs.com/package/ftp-srv","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]}]}}]}