[NET-670] Apache Commons Net ftpClient.java changeWorkingDirectory() Function CRLF Injection Remote Command Execution - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Not A Bug
Affects Version/s: 3.6
Fix Version/s: None
Component/s: FTP
Labels:
- patch

Flags:

Patch, Important
External issue ID:
BlackDuck Hub VulnDB 171100

Description

Per BlackDuck Hub VulnDB 171100

Apache Commons Net contains a flaw in the changeWorkingDirectory() function in ftpClient.java that is triggered as user-supplied input is not properly sanitized. This may allow a remote attacker to use a newline character in a specially crafted string to execute arbitrary commands.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: David Hurst

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 15/May/19 20:11

Updated:: 06/Aug/20 12:25

Resolved:: 16/Jun/19 23:02