CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25293
https://notcve.org/view.php?id=CVE-2024-25293
01 Mar 2024 — mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. Se descubrió que las versiones 3.0.4 y 3.1.0-beta de mjml-app contienen una ejecución remota de código (RCE) a través del atributo href. • https://github.com/EQSTLab/CVE-2024-25293 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3CVE-2020-12827 – MJML 4.6.2 Path Traversal
https://notcve.org/view.php?id=CVE-2020-12827
16 Jun 2020 — MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. MJML versiones anteriores a 4.6.3, contiene una vulnerabilidad de salto de ruta cuando se procesa una directiva mj-include dentro de un documento de MJML MJML versions 4.6.2 and below suffer from a path traversal vulnerability. • https://packetstorm.news/files/id/158111 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •