3 matches found
@27works/posto (>=2.0.0 <=2.0.2), @abc45676/mailer (=1.0.0) +788 more potentially affected by CVE-2025-67898 via mjml-core (>=2.3.3 <=5.3.0)
mjml-core NPM version =2.3.3, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.0.122, =0.16.9, =1.0.4, =1.0.0, =0.0.1, =0.0.10, =1.0.0, =0.0.1, =0.0.3, =1.0.1, =1.0.6 and more Source cves: CVE-2025-67898 Source advisory: SNYK:JS-MJMLCORE-14417285...
Directory Traversal
Overview org.webjars.npm:mjml-core is a mjml-core Affected versions of this package are vulnerable to Directory Traversal via the ignoreIncludes parameter, which still defaults to false. An attacker can access arbitrary files by supplying crafted input that causes traversal outside the intended...
Directory Traversal
Overview mjml-core is a mjml-core Affected versions of this package are vulnerable to Directory Traversal via the ignoreIncludes parameter, which still defaults to false. An attacker can access arbitrary files by supplying crafted input that causes traversal outside the intended directory. Detail...