Old vulnerabilities in both Java and Python that allow attackers to bypass firewalls and access local networks by injecting malicious commands inside FTP URLs resurfaced this week when two security ...

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.

The FTP protocol injection issue in Java and Python can be leveraged to start a classic mode FTP connection, whitelisted by most firewalls, which attackers can use for nefarious purposes.

RFC959 is implemented in most desktop FTP-client tools. Many Java programmers use these tools to connect to FTP servers. As a matter of taste, these tools most likely prefer RFC959-like libraries.