Critical severityGHSA Advisory· Published Sep 1, 2021· Updated Sep 16, 2024
Arbitrary File Write via Archive Extraction (Zip Slip)
CVE-2021-23427
Description
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
elFinder.NetCoreNuGet | <= 1.3.5 | — |
Affected products
2- Range: <= 1.3.5
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-wmpm-fq7r-jq56ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23427ghsaADVISORY
- github.com/gordon-matt/elFinder.NetCore/blob/633da9a4d7d5c9baefd1730ee51bf7af54889600/elFinder.NetCore/Drivers/FileSystem/FileSystemDriver.csghsaWEB
- github.com/gordon-matt/elFinder.NetCore/blob/633da9a4d7d5c9baefd1730ee51bf7af54889600/elFinder.NetCore/Drivers/FileSystem/FileSystemDriver.cs%23L226ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1567778ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.