helios-ag / elfinder-component

ElFinder Component for composer
BSD 2-Clause "Simplified" License

Flag Packagist.org package as vulnerable #21

Open lucasmirloup opened 1 year ago

lucasmirloup commented 1 year ago

Hi :wave:

If I'm not mistaken, this package uses ElFinder < 2.1.58. These versions are affected by 3 active CVEs: CVE-2021-23394, CVE-2021-32682 & CVE-2023-35840.

I'm aware that this package is deprecated, but could it be possible to flag all its versions as "vulnerable" on Packagist.org please?

Thank you.

lucasmirloup commented 1 year ago

I may have opened an issue in the wrong repository. Is helios-ag/fm-elfinder-php-connector the one that is vulnerable? Both of them?