VYPR
High severityGHSA Advisory· Published May 28, 2026· Updated May 28, 2026

compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

CVE-2026-46345

Description

Relevant Products/Components:

  • trestle/core/commands/author/jinja.py
  • trestle author jinja

---

Detailed

Description:

The -o/--output argument in trestle author jinja allows writing files outside the intended workspace.

The application does not properly validate:

  • ../
  • ..\
  • absolute paths

This allows arbitrary file write to attacker-controlled locations.

Vulnerable code:

output_file = trestle_root / r_output_file

An attacker can overwrite files such as:

  • .github/workflows/*.yml
  • .git/hooks/*
  • user writable config files

This can lead to CI/CD compromise or local code execution.

---

Steps

To Reproduce:

  1. Clone the repository:
git clone https://github.com/oscal-compass/compliance-trestle.git
cd compliance-trestle
  1. Create template:
echo "hello" > template.j2
  1. Run:
trestle author jinja -i template.j2 -o "subdir\..\..\..\..\..\poc.txt"
  1. Observe:
dir E:\poc.txt

The file is written outside the repository workspace.

---

Browsers

Verified In:

Not browser related.

Tested on:

  • Windows 11
  • Python 3.13

---

Supporting

Material/References:

Affected file:

trestle/core/commands/author/jinja.py

Successfully verified:

  • directory traversal using ../
  • Windows traversal using ..\
  • arbitrary file write outside workspace

---

Access

Vector Required for Exploitation:

Local

---

Vulnerability

Exists in Default Configuration?:

Yes

---

Is the exploitation trivial or does it involve a multi-step process that may depend on user/victim interaction?:

Trivial. Single command execution.

---

Exploitation

Requires Authentication?:

No

---

Under what privileges does the vulnerable service or component run?:

Runs with privileges of the user executing the trestle command.

Impact

An attacker can write files outside the intended workspace directory and overwrite sensitive files writable by the current user.

Possible impacts include:

  • overwriting .github/workflows/*.yml to execute attacker-controlled GitHub Actions workflows
  • overwriting .git/hooks/* for local code execution
  • modifying user configuration files such as .bashrc
  • tampering with repository files and generated compliance artifacts

In CI/CD environments, this may result in execution of attacker-controlled commands on build runners.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
compliance-trestlePyPI
>= 4.0.0, < 4.0.34.0.3
compliance-trestlePyPI
< 3.12.23.12.2

Affected products

1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.