High severityGHSA Advisory· Published Sep 1, 2021· Updated Sep 16, 2024

Directory Traversal

CVE-2021-23428

Description

This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
elFinder.NetCoreNuGet	<= 1.3.5	—

Affected products

Gordon Matt/Elfinder.netcoreGHSA
Range: <= 1.3.5
ghsa-coords
pkg:nuget/elfinder.netcore
Range: <= 1.3.5

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-9rjp-r58j-fxgqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-23428ghsaADVISORY
github.com/gordon-matt/elFinder.NetCore/blob/633da9a4d7d5c9baefd1730ee51bf7af54889600/elFinder.NetCore/Drivers/FileSystem/FileSystemDriver.csghsaWEB
github.com/gordon-matt/elFinder.NetCore/blob/633da9a4d7d5c9baefd1730ee51bf7af54889600/elFinder.NetCore/Drivers/FileSystem/FileSystemDriver.cs%23L387ghsax_refsource_MISCWEB
snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1313838ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000