NuGet package
elfinder.netcore
pkg:nuget/elfinder.netcore
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23427 | — | <= 1.3.5 | — | Sep 1, 2021 | This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation. | ||
| CVE-2021-23428 | — | <= 1.3.5 | — | Sep 1, 2021 | This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal |
- CVE-2021-23427Sep 1, 2021affected <= 1.3.5
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.
- CVE-2021-23428Sep 1, 2021affected <= 1.3.5
This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal