CVE-2020-12827

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-12827

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12827.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-12827

Aliases

GHSA-4hch-r9xf-6vfr

Published

2020-06-17T14:15:10.523Z

Modified

2026-03-17T06:50:34.068957Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L CVSS Calculator

Summary

[none]

Details

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.

References

Affected packages

Git / github.com/mjmlio/mjml

Affected ranges

Type

GIT

Repo

https://github.com/mjmlio/mjml

Events

Introduced

Fixed

967cd5d2988836d93d051678cecd5ac58e77c669

Fixed

30e29ed2cdaec8684d60a6d12ea07b611c765a12

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.6.3"
        }
    ]
}

Affected versions

1.*

1.1.0

1.2.0

1.2.1

1.3.0

1.3.0-beta

1.3.0-beta2

1.3.0-beta3

1.3.0-beta4

1.3.1

1.3.2

1.3.3

1.3.4

2.*

2.0.0

2.0.1

2.0.2

2.1.0

2.1.1

2.1.4

2.2.0

2.3.0

2.3.1

2.3.2

2.3.3

3.*

3.0.0

3.0.0-beta.1

3.0.0-beta.2

3.0.1

3.0.2

3.1.0

3.1.1

3.2.0

3.2.0-beta.3

4.*

4.0.0-alpha.3

4.0.0-alpha.5

4.0.0-beta.1

4.0.0-beta.2

v1.*

v1.0.0

v1.0.2

v1.0.3

v1.0.4

v4.*

v4.0.0

v4.0.0-alpha.4

v4.0.0-alpha.5

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.1.0

v4.1.0-beta.1

v4.1.0-beta.2

v4.1.0-beta.3

v4.1.0-beta.4

v4.1.1

v4.1.2

v4.2.0

v4.2.0-beta.1

v4.2.0-beta.2

v4.2.0-beta.3

v4.2.1

v4.3.0

v4.3.1

v4.4.0

v4.4.0-beta.1

v4.4.0-beta.2

v4.4.0-beta.3

v4.4.1

v4.5.0

v4.5.1

v4.6.0

v4.6.1

v4.6.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12827.json"