The Syncfusion EJ2 ASPCore File Provider 3ac357f is...
Critical severity
Unreviewed
Published
Jul 12, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jul 12, 2023
Published to the GitHub Advisory Database
Jul 12, 2023
Last updated
Apr 4, 2024
The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.
References