4 matches found

Github Security Blog
added 2025/10/17 6:31 a.m. | 9 views

Mammoth is vulnerable to Directory Traversal

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

CVSS 9.3 | AI score 6.8 | EPSS 0.00921
Exploits: 0 | References: 8 | Affected Software: 2
CVE
added 2025/10/17 5:0 a.m. | 29 views

CVE-2025-11849

The CVE-2025-11849 entry affects Mammoth (org.zwobble.mammoth:mammoth) and the Mammoth package family up to version 1.11.0 (pre-1.11.0). The root cause is a lack of path or file-type validation when processing DOCX files containing externally linked images (r:link) instead of embedded r:embed. Th...

CVSS 9.3 | AI score 6.4 | EPSS 0.00921
Exploits: 0 | References: 6
OSV
added 2010/03/31 6:0 p.m. | 2 views

DEBIAN-CVE-2010-1189

MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."...

CVSS 5 | AI score 6.2 | EPSS 0.0176
Exploits: 1 | References: 1
OSV
added 2010/03/31 6:0 p.m. | 9 views

CVE-2010-1189

MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."...

AI score 5.9
Exploits: 0 | References: 8