MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12dnAtZ3dnYy01aHJw

High EPSS: 0.00532% (0.66607 Percentile) EPSS:

Permalink JSON

Path Traversal in elFinder.Net.Core

Affected Packages	Affected Versions	Fixed Versions
nuget:elFinder.Net.Core PURL: `pkg:nuget/elFinder.Net.Core`	< 1.2.4	1.2.4
2 Dependent packages 0 Dependent repositories 114,957 Downloads total Affected Version Ranges All affected versions 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.3 All unaffected versions 1.2.4, 1.2.6, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0

This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.

References:

Identifiers

GHSA-mvvp-gwgc-5hrp

CVE-2021-23407

Risk

Severity

High

EPSS

EPSS Percentage: 0.00532

EPSS Percentile: 0.66607

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/trannamtrung1st/elFinder.Net.Core

Date and time

Published

over 4 years ago

Updated

almost 3 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories