GHSA-mvvp-gwgc-5hrp

Source

https://github.com/advisories/GHSA-mvvp-gwgc-5hrp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-mvvp-gwgc-5hrp/GHSA-mvvp-gwgc-5hrp.json

Aliases

CVE-2021-23407
SNYK-DOTNET-ELFINDERNETCORE-1315152

Published

2021-08-02T17:30:27Z

Modified

2023-11-08T04:05:07.879631Z

Details

This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-23407
https://github.com/trannamtrung1st/elFinder.Net.Core/commit/5498c8a86b76ef089cfbd7ef8be014b61fa11c73
https://github.com/trannamtrung1st/elFinder.Net.Core
https://github.com/trannamtrung1st/elFinder.Net.Core/releases/tag/all-1.2.4
https://snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1315152

Affected packages

NuGet / elFinder.Net.Core

Package

Name: elFinder.Net.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.2.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.1.0

1.1.1

1.1.2

1.2.0

1.2.1

1.2.2

1.2.3