Description
Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.
Recommendation
Update the mammoth package to the latest compatible version. Followings are version details:
- Affected version(s): >= 0.3.25, < 1.11.0
- Patched version(s): 1.11.0
References
Related Issues
- MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827 - CVE-2025-67898
- jqueryFileTree vulnerable to Directory Traversal - CVE-2017-1000170
- nanotar is vulnerable to path traversal in parseTar() and parseTarGzip() - CVE-2025-69874
- Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service - CVE-2022-35204
- Tags:
- npm
- mammoth
Anything's wrong? Let us know Last updated on October 17, 2025