Path Traversal Vulnerability in MJML by MJMLIO
CVE-2020-12827

7.2HIGH

Key Information:

Vendor

Mjml

Status
Mjml
Vendor
CVE Published:
17 June 2020

What is CVE-2020-12827?

MJML, a framework for responsive email, is vulnerable prior to version 4.6.3 due to a path traversal issue. This vulnerability arises when processing the mj-include directive, allowing an attacker to manipulate file paths and access files outside of the intended directory. Implementing an update to version 4.6.3 or later is crucial to mitigate this security risk and protect sensitive file structures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/mjmlio/mjml/commit/30e29ed2cdaec8684d6...
x_refsource_MISC
https://github.com/mjmlio/mjml/releases/tag/v4.6.3
x_refsource_MISC
https://twitter.com/mjmlio
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.