Description
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.
Remediation
References
https://mjml.io/community
https://twitter.com/mjmlio
https://github.com/mjmlio/mjml/releases/tag/v4.6.3
https://github.com/mjmlio/mjml/commit/30e29ed2cdaec8684d60a6d12ea07b611c765a12
http://seclists.org/fulldisclosure/2020/Jun/23
https://rcesecurity.com
http://packetstormsecurity.com/files/158111/MJML-4.6.2-Path-Traversal.html
Related Vulnerabilities
CVE-2014-3488 Vulnerability in maven package io.netty:netty
CVE-2019-10285 Vulnerability in maven package org.jenkins-ci.plugins:minio-storage
CVE-2023-32314 Vulnerability in maven package org.webjars.npm:vm2
CVE-2022-43413 Vulnerability in maven package org.jenkins-ci.plugins:job-import-plugin
CVE-2016-0706 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core