GHSA-wmpm-fq7r-jq56
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wmpm-fq7r-jq56
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-wmpm-fq7r-jq56/GHSA-wmpm-fq7r-jq56.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wmpm-fq7r-jq56
- Aliases
-
- CVE-2021-23427
- Published
- 2021-09-02T22:05:17Z
- Modified
- 2023-11-08T04:05:09.051868Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Imporoper path validation in elFinder.NetCore
- Details
-
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-23427
- https://github.com/gordon-matt/elFinder.NetCore
- https://github.com/gordon-matt/elFinder.NetCore/blob/633da9a4d7d5c9baefd1730ee51bf7af54889600/elFinder.NetCore/Drivers/FileSystem/FileSystemDriver.cs#L226
- https://github.com/gordon-matt/elFinder.NetCore/blob/633da9a4d7d5c9baefd1730ee51bf7af54889600/elFinder.NetCore/Drivers/FileSystem/FileSystemDriver.cs%23L226
- https://snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1567778
Affected packages
NuGet / elFinder.NetCore
Package
- Name
- elFinder.NetCore
- View open source insights on deps.dev
- Purl
- pkg:nuget/elFinder.NetCore