CVE-2023-35840

Source
https://cve.org/CVERecord?id=CVE-2023-35840
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35840.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-35840
Aliases
Related
Published
2023-06-19T01:15:08.710Z
Modified
2026-03-14T22:50:32.380166Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.

References

Affected packages

Git / github.com/studio-42/elfinder

Affected ranges

Type
GIT
Repo
https://github.com/studio-42/elfinder
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.1.62"
        }
    ]
}

Affected versions

1.*
1.0.1
1.1
2.*
2.0-beta
2.0-rc1
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.2
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27
2.1.28
2.1.29
2.1.3
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37
2.1.38
2.1.39
2.1.4
2.1.40
2.1.41
2.1.42
2.1.43
2.1.44
2.1.45
2.1.46
2.1.47
2.1.48
2.1.49
2.1.5
2.1.50
2.1.51
2.1.52
2.1.53
2.1.54
2.1.55
2.1.56
2.1.57
2.1.58
2.1.59
2.1.6
2.1.60
2.1.61
2.1.7
2.1.8
2.1.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35840.json"