CVE-2021-23427

Summary

This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.

Affected Software

VendorProductVersion RangeStatus
n/aelFinder.NetCore0 < unspecifiedaffected

Weaknesses

  • Arbitrary File Write via Archive Extraction (Zip Slip)

ADP Enrichment

CVE Program Container

Additional References

References