CVE-2021-27916

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-27916

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27916.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-27916

Aliases

GHSA-9fcx-cv56-w58p

Published

2024-09-17T15:15:11Z

Modified

2024-10-11T09:41:26Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.

This vulnerability exists in the implementation of the GrapesJS builder in Mautic.

References

https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p

Affected packages

Git / github.com/mautic/mautic

Affected ranges

Type: GIT
Repo: https://github.com/mautic/mautic
Events: Introduced

692f0d922889b296208723056056a76f4c3b87a4

Fixed

d1a8dcdf235f5b50bd1e05146a704e0c250c25da