MEDIUM 4.5

GHSA-45h5-66jx-r2wf

MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827

Details

MJML before 5.0.0-alpha.9 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
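
A pre-render check a defender could run on untrusted templates, given here as an added example (it is not MJML's code and not the fix shipped in 5.0.0-alpha.9): it flags every mj-include whose path resolves outside an allowed template root. The function names, the sample template and the directory paths are constructed for illustration.

```javascript
const path = require("node:path");

// Regex scan is enough for a lint pass; it is not a full MJML parser.
const INCLUDE_TAG = /<mj-include\b([^>]*)>/gi;
const ATTR = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;

function parseAttrs(text) {
  const attrs = {};
  for (const m of text.matchAll(ATTR)) attrs[m[1].toLowerCase()] = m[2] ?? m[3];
  return attrs;
}

// Returns one finding per mj-include whose path leaves allowedRoot.
// Lexical check only: resolve symlinks (fs.realpathSync) before trusting it.
function findEscapingIncludes(mjmlSource, templateFile, allowedRoot) {
  const root = path.resolve(allowedRoot);
  const baseDir = path.dirname(path.resolve(templateFile));
  const findings = [];
  for (const tag of mjmlSource.matchAll(INCLUDE_TAG)) {
    const attrs = parseAttrs(tag[1]);
    if (!attrs.path) continue;
    const resolved = path.resolve(baseDir, attrs.path);
    const rel = path.relative(root, resolved);
    const outside =
      rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
    if (outside) {
      findings.push({ path: attrs.path, type: attrs.type || "(default)", resolved });
    }
  }
  return findings;
}

// Constructed sample template and paths, for illustration only.
const SAMPLE = `
<mjml>
  <mj-head>
    <mj-include path="./styles/base.css" type="css" />
    <mj-include path="../../outside/notes.txt" type="css" />
  </mj-head>
  <mj-body>
    <mj-include path="../shared/footer.mjml" />
    <mj-include path='/var/data/other.mjml' />
  </mj-body>
</mjml>`;

const SAMPLE_FINDINGS = findEscapingIncludes(
  SAMPLE, "/srv/app/templates/welcome/index.mjml", "/srv/app/templates");
console.log(SAMPLE_FINDINGS);
```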

Affected packages

npm / mjml
Introduced in: 0
Fixed in: 5.0.0-alpha.9
Fix: npm install mjml@5.0.0-alpha.9
