PT-2020-13277 · Mjml · Mjml
Julien Ahrens
·
Published
2020-06-16
·
Updated
2025-12-14
·
CVE-2020-12827
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
MJML versions prior to 4.6.3
Description
The issue is related to a path traversal vulnerability when processing the
mj-include directive within an MJML document.Recommendations
For versions prior to 4.6.3, update to version 4.6.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the
mj-include directive until a patch is applied.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mjml