Lftp Project

lftp_project

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Lftp

lftp

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10916 3Canonical Lftp ProjectOpensuse 3Leap LftpUbuntu Linux Nov 21, 2024 Aug 1, 2018 N/A· v4 6.5 MEDIUM· v3 7.8 HIGH· v2 It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may tr...Show more It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2018-10916

3Canonical

Lftp ProjectOpensuse

3Leap

LftpUbuntu Linux

Nov 21, 2024

Aug 1, 2018

N/A· v4

6.5 MEDIUM· v3

7.8 HIGH· v2

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.Show less