Information Exposure Affecting studio-42/elfinder package, versions <2.1.45


0.0
high

Snyk CVSS

    Attack Complexity Low
    Confidentiality High

    Threat Intelligence

    EPSS 0.15% (51st percentile)
Expand this section
NVD
5.9 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-STUDIO42ELFINDER-73505
  • published 14 Jan 2019
  • disclosed 9 Jan 2019
  • credit Ravindra Rajaram and Hamsalekha Madiraju

How to fix?

Upgrade studio-42/elfinder to version 2.1.45 or higher.

Overview

studio-42/elfinder is an open-source file manager for web, written in JavaScript using jQuery UI.

Affected versions of this package are vulnerable to Information Exposure. There is a possible leak of information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.

References