MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827
- Severity:
- Medium
Description
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type=”css” case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 4.18.0
References
Related Issues
- MJML vulnerable to path traversal - CVE-2020-12827
- simplehttpserver allows directory traversal and file listing - CVE-2018-3787
- Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory - CVE-2026-30848
- Directory traversal in rollup-plugin-server - CVE-2020-7686
- Tags:
- npm
- mjml
Anything's wrong? Let us know Last updated on December 17, 2025