
Security vulnerability found on the last version

Open pedromntomas opened this issue 6 months ago • 0 comments

Describe the bug

Running "composer audit" we get that there's a new CVE regarding the latest version of elfinder.

+-------------------+----------------------------------------------------------------------------------+
| Package           | studio-42/elfinder                                                               |
| Severity          | high                                                                             |
| CVE               | CVE-2024-38909                                                                   |
| Title             | Studio 42 elFinder vulnerable to Incorrect Access Control                        |
| URL               | https://github.com/advisories/GHSA-3h9f-mm2x-4j58                                |
| Affected versions | <=2.1.64                                                                         |
| Reported at       | 2024-07-30T15:31:28+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

To Reproduce

Steps to reproduce the behavior:

  1. Go to a folder of a project where elfinder is installed via composer
  2. Run "composer audit"
  3. See result

Expected behavior

The package shouldn't have any security vulnerability.

Desktop (please complete the following information):

  • OS: linux
  • Browser ff/chrome
  • Version latest

pedromntomas, Aug 06 '24 14:08