CVE-2020-12827 : MJML prior to 4.6.3 contains a path traversal vulnerability when processing the

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.

Published 2020-06-17 14:15:11

Updated 2020-06-23 00:09:53

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2020-12827

Mjml » Mjml
Versions before (<) 4.6.3
cpe:2.3:a:mjml:mjml:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

1.76%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L	3.9	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: Low Integrity: None Availability: Low

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

http://seclists.org/fulldisclosure/2020/Jun/23

Full Disclosure: [CVE-2020-12827] MJML <= 4.6.2 mj-include "path" Path Traversal
Exploit;Mailing List;Third Party Advisory
https://mjml.io/community

Community - MJML
Vendor Advisory
http://packetstormsecurity.com/files/158111/MJML-4.6.2-Path-Traversal.html

MJML 4.6.2 Path Traversal ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://twitter.com/mjmlio

mjml. (@mjmlio) / Twitter
Third Party Advisory
https://rcesecurity.com

Broken Link

CVEs referencing this url
https://github.com/mjmlio/mjml/commit/30e29ed2cdaec8684d60a6d12ea07b611c765a12

expose ignoreIncludes on mjml2html · mjmlio/mjml@30e29ed · GitHub
Patch;Third Party Advisory
https://github.com/mjmlio/mjml/releases/tag/v4.6.3

Release v4.6.3 · mjmlio/mjml · GitHub
Release Notes;Third Party Advisory

Jump to