Description
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include
directive within an MJML document.
Recommendation
Update the mjml package to the latest compatible version. Version details:
- Affected version(s): < 4.6.3
- Patched version(s): 4.6.3
References
- GHSA-4hch-r9xf-6vfr
- packetstormsecurity.com
- seclists.org
- CVE-2020-12827
- CWE-22
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A6
Tags
- npm
- mjml
Last updated on October 19, 2023