Directory Traversal in elFinder.AspNet

GHSA-pjxv-w3qj-j8m3 · CVE-2021-23415

Published Aug 9, 2021 · Modified Mar 13, 2026

Description

This affects the package elFinder.AspNet before 1.1.1.
The user-controlled file name is not properly sanitized before it is used to create a file system path.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-23415
WEB https://github.com/mguinness/elFinder.AspNet/commit/675049b39284a9e84f0915c71d688da8ebc7d720
PACKAGE https://github.com/mguinness/elFinder.AspNet
WEB https://snyk.io/vuln/SNYK-DOTNET-ELFINDERASPNET-1315153

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes