Releases202
Frequency1 month 2 weeks
Last Release
Stars1.28K
sophisticated command line file transfer program (ftp, http, sftp, fish, torrent)

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
<= 4.8.37.8 HIGH

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.