CVE-2025-67898

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

@27works/posto (>=2.0.0 <=2.0.2), @abdul778/page-editor (>=0.1.0 <=0.41.0) +599 more potentially affected by CVE-2020-12827 +1 more via mjml (>=0.1.0 <=4.18.0)

mjml NPM version =0.1.0, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.0.122, =0.16.9, =1.0.4, =1.0.0, =2.0.0, =12.5.0, =2.2.7-bb.3, =0.0.2, =0.4.3 and more Source cves: CVE-2020-12827, CVE-2025-67898 Source advisory: OSV:GHSA-45H5-66JX-R2WF...

CVE-2025-67898

CVE-2025-67898 affects MJML up to version 4.18.0, where the mj-include directive allows directory traversal to test file existence and, in type="css" cases, read files. The issue arises from an incomplete fix related to CVE-2020-12827. Several connected sources corroborate the exact behavior (dir...

CVE-2025-67898

MJML through 4.18.0 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...

EUVD-2022-2384

Malicious code in bioql PyPI...

CVE-2020-12827

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...

CVE-2020-12827

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...