Vulnerabilities
Vulnerable Software
Patrickjuchli:  Security Vulnerabilities
basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to `Client.list()`, causing the client process to consume memory until it becomes unstable or crashes. Version 5.3.0 fixes the issue.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-04-24
The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (`../`) that cause files to be written outside the intended download directory. Version 5.2.0 patches the issue.
CVSS Score
9.1
EPSS Score
0.005
Published
2026-02-25


Contact Us

Shodan ® - All rights reserved