exploitDog

CVE-2020-12827

Опубликовано: 17 июн. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 6.4

EPSS Низкий

Описание

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.

Ссылки

http://packetstormsecurity.com/files/158111/MJML-4.6.2-Path-Traversal.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Jun/23
Exploit
Mailing List
Third Party Advisory
https://github.com/mjmlio/mjml/commit/30e29ed2cdaec8684d60a6d12ea07b611c765a12
Patch
Third Party Advisory
https://github.com/mjmlio/mjml/releases/tag/v4.6.3
Release Notes
Third Party Advisory
https://mjml.io/community
Vendor Advisory
https://rcesecurity.com
Broken Link
https://twitter.com/mjmlio
Third Party Advisory
http://packetstormsecurity.com/files/158111/MJML-4.6.2-Path-Traversal.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2020/Jun/23
Exploit
Mailing List
Third Party Advisory
https://github.com/mjmlio/mjml/commit/30e29ed2cdaec8684d60a6d12ea07b611c765a12
Patch
Third Party Advisory
https://github.com/mjmlio/mjml/releases/tag/v4.6.3
Release Notes
Third Party Advisory
https://mjml.io/community
Vendor Advisory
https://rcesecurity.com
Broken Link
https://twitter.com/mjmlio
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mjml:mjml:*:*:*:*:*:*:*:*

Версия до 4.6.3 (исключая)

EPSS

Процентиль: 85%

0.02387

Низкий

7.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-4hch-r9xf-6vfr

CVSS3: 7.2

github

больше 3 лет назад

MJML vulnerable to path traversal

EPSS

Процентиль: 85%

0.02387

Низкий

7.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22