Headline
GHSA-3p2q-mh7q-9pxj: Duplicate Advisory: elFinder vulnerable to path traversal in LocalVolumeDriver connector
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-wm5g-p99q-66g4. This link is maintained to preserve external references.
Original Description
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
Skip to content
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
- Pricing
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-3p2q-mh7q-9pxj
Duplicate Advisory: elFinder vulnerable to path traversal in LocalVolumeDriver connector
High severity GitHub Reviewed Published Jun 19, 2023 to the GitHub Advisory Database • Updated Jun 19, 2023
Withdrawn This advisory was withdrawn on Jun 19, 2023
Package
composer studio-42/elfinder (Composer)
Affected versions
< 2.1.62
Description
Published to the GitHub Advisory Database
Jun 19, 2023
Last updated
Jun 19, 2023