GHSA-9rjp-r58j-fxgq

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-9rjp-r58j-fxgq/GHSA-9rjp-r58j-fxgq.json
Aliases
  • CVE-2021-23428
Published
2021-09-02T22:05:26Z
Modified
2023-04-11T01:43:34.318681Z
Details

This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal

References

Affected packages

NuGet / elFinder.NetCore

Source Details

Package Name
elFinder.NetCore

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Last affected
1.3.5

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.2.1
1.2.2
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5