← Zuruck zu CVEs

CVE-2021-23428

HIGH

8.6

Beschreibung

This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal

CVE Details

CVSS v3.1 Bewertung8.6

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht9/1/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

elfinder.netcore_project:elfinder.netcore

Schwachen (CWE)

CWE-22

Referenzen

https://github.com/gordon-matt/elFinder.NetCore(report@snyk.io)

https://github.com/gordon-matt/elFinder.NetCore/blob/633da9a4d7d5c9baefd1730ee51bf7af54889600/elFinder.NetCore/Drivers/FileSystem/FileSystemDriver.cs%23L387(report@snyk.io)

https://snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1313838(report@snyk.io)

https://github.com/gordon-matt/elFinder.NetCore(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/gordon-matt/elFinder.NetCore/blob/633da9a4d7d5c9baefd1730ee51bf7af54889600/elFinder.NetCore/Drivers/FileSystem/FileSystemDriver.cs%23L387(af854a3a-2127-422b-91ae-364da2661108)

https://snyk.io/vuln/SNYK-DOTNET-ELFINDERNETCORE-1313838(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.