Server Side Request Forgery (SSRF) Affecting studio-42/elfinder package, versions <2.1.46
Snyk CVSS
- Attack Complexity: Low
- Privileges Required: High
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
- EPSS: 0.06% (25th percentile)
- Snyk ID SNYK-PHP-STUDIO42ELFINDER-73510
- published 14 Jan 2019
- disclosed 14 Jan 2019
- credit Do Ha Anh
Introduced: 14 Jan 2019
CVE-2019-6257
How to fix?
Upgrade studio-42/elfinder to version 2.1.46 or higher.
Overview
studio-42/elfinder is an open-source file manager for the web, written in JavaScript using jQuery UI.
Affected versions of this package are vulnerable to Server Side Request Forgery (SSRF). Malicious users could gain access to the contents of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
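A destination check of the kind a server-side URL fetcher such as get_remote_contents() needs before it connects, as an added PHP example; it is not elFinder's code and not the 2.1.46 patch. The names check_remote_url() and is_public_ip(), the stub resolver, and all hosts and addresses are assumptions made for illustration.

```php
<?php
// Added example, not elFinder code. check_remote_url() and is_public_ip()
// are hypothetical names; hosts and addresses below are constructed samples.

/** True only for addresses outside PHP's private and reserved ranges. */
function is_public_ip(string $ip): bool
{
    // Rejects 10/8, 172.16/12, 192.168/16, 127/8, 169.254/16, 0/8, 240/4,
    // ::1, fe80::/10 and fc00::/7. Other special ranges (e.g. 100.64.0.0/10)
    // are not covered by these flags and need an explicit check.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

/** Returns [allowed, detail]; $resolver maps a host name to IPs or false. */
function check_remote_url(string $url, ?callable $resolver = null): array
{
    $resolver = $resolver ?? 'gethostbynamel'; // IPv4 only; assumption for brevity
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return [false, 'malformed URL'];
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return [false, 'scheme not allowed'];
    }
    $host = trim($parts['host'], '[]'); // strip IPv6 literal brackets
    $isLiteral = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $ips = $isLiteral ? [$host] : ($resolver($host) ?: []);
    if ($ips === []) {
        return [false, 'host does not resolve'];
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return [false, "resolves to non-public address $ip"];
        }
    }
    // The caller should connect to one of these exact IPs and re-run the
    // check on every redirect target; a second DNS lookup can differ.
    return [true, implode(',', $ips)];
}

// Offline demo with a stub resolver (constructed data).
$dns = ['files.example.test' => ['93.184.216.34'], 'intranet.example.test' => ['10.0.0.5']];
$stub = function (string $h) use ($dns) { return $dns[$h] ?? false; };
$urls = ['https://files.example.test/a.png', 'http://intranet.example.test/',
         'http://127.0.0.1:8080/status', 'http://[::1]/', 'ftp://files.example.test/x'];
foreach ($urls as $u) {
    [$ok, $detail] = check_remote_url($u, $stub);
    printf("%-34s %s (%s)\n", $u, $ok ? 'allow' : 'deny', $detail);
}
```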