2 matches found
MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827
MJML before 5.0.0-alpha.9 allows mj-include directory traversal to test file existence and in the type="css" case read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827...
@27works/posto (>=2.0.0 <=2.0.2), @abdul778/page-editor (>=0.1.0 <=0.41.0) +618 more potentially affected by CVE-2020-12827 via mjml (>=0.1.0 <=4.5.1)
mjml NPM version =0.1.0, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.0.122, =0.16.9, =1.0.4, =1.0.0, =2.0.0, =12.5.0, =1.0.0, =2.2.7-bb.3, =2.2.7-bb.7 - @becomes/mjml =1.0.0 - @bedrock-foundation/sdk =0.0.2 and more Source cves: CVE-2020-12827 Source advisory: OSV:GHSA-4HCH-R9XF-6VFR...