[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-7418":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":195,"aliases":196,"duplicate_of":9,"upstream":197,"downstream":198,"duplicates":213,"related":214,"reserved_at":9,"published_at":220,"modified_at":221,"state":222,"summary":223,"references_raw":232,"kevs":274,"epss":275,"epss_history":278,"metrics":543,"affected":554},"CVE-2017-7418","ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","weakness","Draft","Base","Medium",[20,101,162,191],{"id":21,"name":22,"techniques":23},"CAPEC-132","Symlink Attack",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1547.009","Shortcut Modification",[28,31],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,62,67,72,77,81,85,89,93,97],{"id":36,"name":37,"tactic":38},"D3-FA","File Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DA","Dynamic Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-EFA","Emulated File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FEV","File Eviction",{"name":56},"Evict",{"id":58,"name":59,"tactic":60},"D3-DF","Decoy File",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-FE","File Encryption",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-RF","Restore File",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CF","Content Filtering",{"name":76},"Isolate",{"id":78,"name":79,"tactic":80},"D3-LFP","Local File Permissions",{"name":76},{"id":82,"name":83,"tactic":84},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":86,"name":87,"tactic":88},"D3-CQ","Content Quarantine",{"name":76},{"id":90,"name":91,"tactic":92},"D3-CM","Content Modification",{"name":76},{"id":94,"name":95,"tactic":96},"D3-EAL","Executable Allowlisting",{"name":76},{"id":98,"name":99,"tactic":100},"D3-EDL","Executable Denylisting",{"name":76},{"id":102,"name":103,"techniques":104},"CAPEC-17","Using Malicious Files",[105,142],{"id":106,"name":107,"tactics":108,"countermeasures":120},"T1574.005","Executable Installer File Permissions Weakness",[109,110,111,114,117],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},"TA0030","Defense Evasion",{"id":115,"name":116},"TA0005","Stealth",{"id":118,"name":119},"TA0104","Execution",[121,126,130,134,138],{"id":122,"name":123,"tactic":124},"D3-SWI","Software Inventory",{"name":125},"Model",{"id":127,"name":128,"tactic":129},"D3-AVE","Asset Vulnerability Enumeration",{"name":125},{"id":131,"name":132,"tactic":133},"D3-SBV","Service Binary Verification",{"name":39},{"id":135,"name":136,"tactic":137},"D3-SU","Software Update",{"name":66},{"id":139,"name":140,"tactic":141},"D3-RS","Restore Software",{"name":71},{"id":143,"name":144,"tactics":145,"countermeasures":151},"T1574.010","Services File Permissions Weakness",[146,147,148,149,150],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},{"id":115,"name":116},{"id":118,"name":119},[152,154,156,158,160],{"id":122,"name":123,"tactic":153},{"name":125},{"id":127,"name":128,"tactic":155},{"name":125},{"id":131,"name":132,"tactic":157},{"name":39},{"id":135,"name":136,"tactic":159},{"name":66},{"id":139,"name":140,"tactic":161},{"name":71},{"id":163,"name":164,"techniques":165},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[166,173,180],{"id":167,"name":168,"tactics":169,"countermeasures":172},"T1027.006","HTML Smuggling",[170,171],{"id":112,"name":113},{"id":115,"name":116},[],{"id":174,"name":175,"tactics":176,"countermeasures":179},"T1027.009","Embedded Payloads",[177,178],{"id":112,"name":113},{"id":115,"name":116},[],{"id":181,"name":182,"tactics":183,"countermeasures":186},"T1564.009","Resource Forking",[184,185],{"id":112,"name":113},{"id":115,"name":116},[187],{"id":188,"name":189,"tactic":190},"D3-FFV","File Format Verification",{"name":76},{"id":192,"name":193,"techniques":194},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[],[],[199,201,203,205,207,209,211],{"_key":200},"OPENSUSE-SU-2019:1870-1",{"_key":202},"OPENSUSE-SU-2019:1836-1",{"_key":204},"OPENSUSE-SU-2020:0031-1",{"_key":206},"OPENSUSE-SU-2024:11196-1",{"_key":208},"MGASA-2017-0115",{"_key":210},"UBUNTU-CVE-2017-7418",{"_key":212},"DEBIAN-CVE-2017-7418",[],[215,216,217,218,219],{"_key":200},{"_key":202},{"_key":204},{"_key":206},{"_key":208},"2017-04-04T17:00:00.000Z","2024-08-05T16:04:11.362Z","Modified",{"cisa_kev":224,"cisa_ransomware":224,"cisa_vendor":9,"epss_severity":225,"epss_score":226,"severity":227,"severity_score":228,"severity_version":229,"severity_source":230,"severity_vector":231,"severity_status":222},false,"low",0.00039,"medium",5.5,"v3.0","nvd","CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",[233,242,246,250,256,260,266,270],{"url":234,"sources":235,"tags":237},"https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed",[236,230],"cve.org",[238,239,240,241],"X Refsource CONFIRM","Issue Tracking","Patch","Third Party Advisory",{"url":243,"sources":244,"tags":245},"https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f",[236,230],[238,239,240,241],{"url":247,"sources":248,"tags":249},"http://bugs.proftpd.org/show_bug.cgi?id=4295",[236,230],[238,239,240],{"url":251,"sources":252,"tags":253},"http://www.securityfocus.com/bid/97409",[236,230],[254,255,241],"VDB Entry","X Refsource BID",{"url":257,"sources":258,"tags":259},"https://github.com/proftpd/proftpd/pull/444/commits/349addc3be4fcdad9bd4ec01ad1ccd916c898ed8",[236,230],[238,239,240,241],{"url":261,"sources":262,"tags":263},"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00004.html",[236,230],[264,265],"Vendor Advisory","X Refsource SUSE",{"url":267,"sources":268,"tags":269},"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html",[236,230],[264,265],{"url":271,"sources":272,"tags":273},"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html",[236,230],[264,265],[],{"date":276,"score":226,"percentile":277},"2026-06-03",0.12172,[279,283,286,289,292,295,298,301,304,307,310,312,315,318,321,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,372,375,377,380,382,385,388,391,393,396,399,402,405,408,411,414,417,420,423,426,429,432,435,439,442,445,448,450,453,456,459,462,465,468,470,473,476,479,482,485,488,491,494,497,500,503,506,509,512,514,517,519,522,525,528,531,534,537,540],{"date":280,"score":281,"percentile":282},"2025-11-04",0.00065,0.20392,{"date":284,"score":281,"percentile":285},"2025-11-05",0.20399,{"date":287,"score":281,"percentile":288},"2025-11-06",0.20398,{"date":290,"score":281,"percentile":291},"2025-11-07",0.20408,{"date":293,"score":281,"percentile":294},"2025-11-08",0.20411,{"date":296,"score":281,"percentile":297},"2025-11-09",0.20378,{"date":299,"score":281,"percentile":300},"2025-11-10",0.20341,{"date":302,"score":281,"percentile":303},"2025-11-11",0.20358,{"date":305,"score":281,"percentile":306},"2025-11-12",0.20403,{"date":308,"score":281,"percentile":309},"2025-11-13",0.20414,{"date":311,"score":281,"percentile":306},"2025-11-14",{"date":313,"score":281,"percentile":314},"2025-11-15",0.20375,{"date":316,"score":281,"percentile":317},"2025-11-16",0.20325,{"date":319,"score":281,"percentile":320},"2025-11-17",0.20255,{"date":322,"score":323,"percentile":324},"2025-11-18",0.00044,0.08612,{"date":326,"score":323,"percentile":327},"2025-11-19",0.08624,{"date":329,"score":323,"percentile":330},"2025-11-20",0.08656,{"date":332,"score":281,"percentile":333},"2025-11-21",0.20221,{"date":335,"score":281,"percentile":336},"2025-11-22",0.20216,{"date":338,"score":281,"percentile":339},"2025-11-23",0.20181,{"date":341,"score":281,"percentile":342},"2025-11-24",0.20157,{"date":344,"score":281,"percentile":345},"2025-11-25",0.20149,{"date":347,"score":281,"percentile":348},"2025-11-26",0.20145,{"date":350,"score":281,"percentile":351},"2025-11-27",0.20141,{"date":353,"score":281,"percentile":354},"2025-11-28",0.20124,{"date":356,"score":281,"percentile":357},"2025-11-29",0.20111,{"date":359,"score":281,"percentile":360},"2025-11-30",0.20108,{"date":362,"score":281,"percentile":363},"2025-12-01",0.20147,{"date":365,"score":281,"percentile":366},"2025-12-02",0.20171,{"date":368,"score":281,"percentile":369},"2025-12-03",0.20184,{"date":371,"score":281,"percentile":351},"2025-12-04",{"date":373,"score":281,"percentile":374},"2025-12-05",0.20183,{"date":376,"score":281,"percentile":374},"2025-12-06",{"date":378,"score":281,"percentile":379},"2025-12-07",0.20165,{"date":381,"score":281,"percentile":374},"2025-12-08",{"date":383,"score":281,"percentile":384},"2025-12-09",0.20251,{"date":386,"score":281,"percentile":387},"2025-12-10",0.20319,{"date":389,"score":281,"percentile":390},"2025-12-11",0.20353,{"date":392,"score":281,"percentile":314},"2025-12-12",{"date":394,"score":281,"percentile":395},"2025-12-13",0.20383,{"date":397,"score":281,"percentile":398},"2025-12-14",0.20342,{"date":400,"score":281,"percentile":401},"2025-12-15",0.20324,{"date":403,"score":281,"percentile":404},"2025-12-16",0.20355,{"date":406,"score":281,"percentile":407},"2025-12-17",0.20438,{"date":409,"score":281,"percentile":410},"2025-12-18",0.20526,{"date":412,"score":281,"percentile":413},"2025-12-19",0.20548,{"date":415,"score":281,"percentile":416},"2025-12-20",0.20525,{"date":418,"score":281,"percentile":419},"2025-12-21",0.20473,{"date":421,"score":281,"percentile":422},"2025-12-22",0.20434,{"date":424,"score":281,"percentile":425},"2025-12-23",0.20428,{"date":427,"score":281,"percentile":428},"2025-12-24",0.20459,{"date":430,"score":281,"percentile":431},"2025-12-25",0.20544,{"date":433,"score":281,"percentile":434},"2025-12-26",0.20538,{"date":436,"score":437,"percentile":438},"2025-12-27",0.00055,0.1743,{"date":440,"score":281,"percentile":441},"2025-12-28",0.20497,{"date":443,"score":281,"percentile":444},"2025-12-29",0.20453,{"date":446,"score":281,"percentile":447},"2025-12-30",0.2044,{"date":449,"score":281,"percentile":441},"2025-12-31",{"date":451,"score":281,"percentile":452},"2026-01-01",0.20592,{"date":454,"score":281,"percentile":455},"2026-01-02",0.20597,{"date":457,"score":281,"percentile":458},"2026-01-03",0.20583,{"date":460,"score":281,"percentile":461},"2026-01-04",0.20489,{"date":463,"score":281,"percentile":464},"2026-01-05",0.20483,{"date":466,"score":281,"percentile":467},"2026-01-06",0.20494,{"date":469,"score":281,"percentile":410},"2026-01-07",{"date":471,"score":281,"percentile":472},"2026-01-08",0.2057,{"date":474,"score":281,"percentile":475},"2026-01-09",0.20571,{"date":477,"score":281,"percentile":478},"2026-01-10",0.20565,{"date":480,"score":281,"percentile":481},"2026-01-11",0.20532,{"date":483,"score":281,"percentile":484},"2026-01-12",0.20496,{"date":486,"score":281,"percentile":487},"2026-01-13",0.20476,{"date":489,"score":281,"percentile":490},"2026-01-14",0.20534,{"date":492,"score":281,"percentile":493},"2026-01-15",0.20537,{"date":495,"score":281,"percentile":496},"2026-01-16",0.20567,{"date":498,"score":281,"percentile":499},"2026-01-17",0.20574,{"date":501,"score":281,"percentile":502},"2026-01-18",0.20524,{"date":504,"score":281,"percentile":505},"2026-01-19",0.20485,{"date":507,"score":281,"percentile":508},"2026-01-20",0.20465,{"date":510,"score":281,"percentile":511},"2026-01-21",0.20429,{"date":513,"score":281,"percentile":291},"2026-01-22",{"date":515,"score":281,"percentile":516},"2026-01-23",0.20503,{"date":518,"score":281,"percentile":416},"2026-01-24",{"date":520,"score":281,"percentile":521},"2026-01-25",0.2045,{"date":523,"score":281,"percentile":524},"2026-01-26",0.20347,{"date":526,"score":281,"percentile":527},"2026-01-27",0.20338,{"date":529,"score":281,"percentile":530},"2026-01-28",0.20339,{"date":532,"score":281,"percentile":533},"2026-01-29",0.20298,{"date":535,"score":281,"percentile":536},"2026-01-30",0.20299,{"date":538,"score":281,"percentile":539},"2026-01-31",0.20305,{"date":541,"score":281,"percentile":542},"2026-02-01",0.2033,[544],{"source":230,"cvss_v2_0":545,"cvss_v3_0":550,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":546,"baseSeverity":9,"vectorString":547,"impactScore":548,"exploitabilityScore":549},2.1,"AV:L/AC:L/Au:N/C:N/I:P/A:N",2.9,3.9,{"baseScore":228,"baseSeverity":551,"vectorString":231,"impactScore":552,"exploitabilityScore":553},"MEDIUM",6,4.6,[555],{"ecosystem":9,"name":556,"vendor":556,"product":556,"cpe_part":557,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":558},"proftpd","a",[559,565,567,569,571,573],{"version":560,"is_range":561,"range_type":562,"version_start":9,"version_start_type":9,"version_end":563,"version_end_type":564,"fixed_in":9},"lte1.3.5",true,"cpe","1.3.5","including",{"version":566,"is_range":224,"range_type":562,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.3.6",{"version":568,"is_range":224,"range_type":562,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.3.6:rc1",{"version":570,"is_range":224,"range_type":562,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.3.6:rc2",{"version":572,"is_range":224,"range_type":562,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.3.6:rc3",{"version":574,"is_range":224,"range_type":562,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.3.6:rc4"]