VulnerableCode Package Details - pkg:deb/debian/lftp@4.7.4-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-gc6j-hdbu-aaan Aliases: CVE-2018-10916	It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.	4.8.4-2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-gc6j-hdbu-aaan
Aliases:
CVE-2018-10916

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.

4.8.4-2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T16:47:59.370515+00:00	Debian Oval Importer	Affected by	VCID-gc6j-hdbu-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-20T21:09:29.215968+00:00	Debian Oval Importer	Affected by	VCID-gc6j-hdbu-aaan	None	36.1.3
2025-06-08T09:33:14.992235+00:00	Debian Oval Importer	Affected by	VCID-gc6j-hdbu-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T14:34:36.245142+00:00	Debian Oval Importer	Affected by	VCID-gc6j-hdbu-aaan	None	36.1.0
2025-04-12T20:50:44.030796+00:00	Debian Oval Importer	Affected by	VCID-gc6j-hdbu-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T08:05:36.548385+00:00	Debian Oval Importer	Affected by	VCID-gc6j-hdbu-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T13:06:40.838146+00:00	Debian Oval Importer	Affected by	VCID-gc6j-hdbu-aaan	None	36.0.0
2025-04-07T07:13:15.566193+00:00	Debian Importer	Affected by	VCID-gc6j-hdbu-aaan	None	36.0.0
2025-02-19T00:37:36.270327+00:00	Debian Importer	Affected by	VCID-gc6j-hdbu-aaan	None	35.1.0
2024-04-24T12:10:23.582283+00:00	Debian Importer	Affected by	VCID-gc6j-hdbu-aaan	None	34.0.0rc4
2024-01-10T13:59:55.311497+00:00	Debian Importer	Affected by	VCID-gc6j-hdbu-aaan	None	34.0.0rc2
2024-01-04T05:08:50.699673+00:00	Debian Importer	Affected by	VCID-gc6j-hdbu-aaan	None	34.0.0rc1