CVE-2021-23427 – elfinder.netcore
Package
Manager: nuget
Name: elfinder.netcore
Vulnerable Version: >=0 <=1.3.6
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00631 (percentile: 0.69401)
Details
Improper path validation in elFinder.NetCore. This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.
Metadata
Created: 2021-09-02T22:05:17Z
Modified: 2022-07-13T19:09:43Z
Source: MANUAL
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-wmpm-fq7r-jq56
Finding: F184
Auto approve: 1