CVE-2021-23427: Imporoper path validation in elFinder.NetCore

Severity: Critical

CVSS Score: 9.8

This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.