High severityNVD Advisory· Published Jun 17, 2020· Updated Aug 4, 2024
CVE-2020-12827
CVE-2020-12827
Description
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mjmlnpm | < 4.6.3 | 4.6.3 |
Affected products
2- MJML/MJMLdescription
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-4hch-r9xf-6vfrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-12827ghsaADVISORY
- packetstormsecurity.com/files/158111/MJML-4.6.2-Path-Traversal.htmlghsax_refsource_MISCWEB
- seclists.org/fulldisclosure/2020/Jun/23ghsamailing-listx_refsource_FULLDISCWEB
- github.com/mjmlio/mjml/commit/30e29ed2cdaec8684d60a6d12ea07b611c765a12ghsax_refsource_MISCWEB
- github.com/mjmlio/mjml/releases/tag/v4.6.3ghsax_refsource_MISCWEB
- mjml.io/communitymitrex_refsource_MISC
- rcesecurity.commitrex_refsource_MISC
- twitter.com/mjmliomitrex_refsource_MISC
News mentions
0No linked articles in our index yet.