Description
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.
Remediation
References
http://packetstormsecurity.com/files/158111/MJML-4.6.2-Path-Traversal.html
http://seclists.org/fulldisclosure/2020/Jun/23
https://github.com/mjmlio/mjml/commit/30e29ed2cdaec8684d60a6d12ea07b611c765a12
https://github.com/mjmlio/mjml/releases/tag/v4.6.3
https://mjml.io/community
https://rcesecurity.com
https://twitter.com/mjmlio
Related Vulnerabilities
CVE-2021-34078 Vulnerability in npm package lifion-verify-deps
CVE-2020-36186 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2023-22621 Vulnerability in npm package @strapi/plugin-users-permissions
CVE-2021-31684 Vulnerability in maven package net.minidev:json-smart
CVE-2022-32065 Vulnerability in maven package com.ruoyi:ruoyi