org.zwobble.mammoth:mammoth@1.8.0 vulnerabilities

  • latest version

    1.11.0

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    29 days ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.zwobble.mammoth:mammoth package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Directory Traversal

    Affected versions of this package are vulnerable to Directory Traversal because no path or file type validation is performed when processing a docx file containing an image with an external link (an r:link attribute instead of an embedded r:embed). The library resolves the URI to a file path, reads the file, encodes its content as base64, and includes it in the HTML output as a data URI. An attacker can read arbitrary files on the system where the conversion is performed, or cause excessive resource consumption by crafting a docx file that links to special device files such as /dev/random or /dev/zero.

    How to fix Directory Traversal?

    Upgrade org.zwobble.mammoth:mammoth to version 1.11.0 or higher.

    Vulnerable versions: [,1.11.0)
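
As an added defence-in-depth example (not code from Snyk or from the mammoth project), the Java class below scans a docx package for image relationships marked TargetMode="External", which is how an r:link image reference is stored in the package, so such files can be rejected before conversion. The class and method names and the 1 MiB per-part cap are assumptions made for the example; upgrading to 1.11.0 or higher remains the fix.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.zip.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DocxExternalImageCheck { // hypothetical name, Java 11+
    static final int MAX_RELS_BYTES = 1 << 20; // cap per part; truncated XML fails to parse

    /** Lists every image relationship in the package that is marked TargetMode="External". */
    static List<String> externalImageTargets(InputStream docx) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The XML is untrusted too: refuse DTDs so the scan cannot be turned into XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        List<String> found = new ArrayList<>();
        try (ZipInputStream zip = new ZipInputStream(docx)) {
            for (ZipEntry e; (e = zip.getNextEntry()) != null; ) {
                if (!e.getName().endsWith(".rels")) continue;
                byte[] xml = zip.readNBytes(MAX_RELS_BYTES); // reads the current entry only
                NodeList rels = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml))
                        .getElementsByTagNameNS("*", "Relationship");
                for (int i = 0; i < rels.getLength(); i++) {
                    Element r = (Element) rels.item(i);
                    if (r.getAttribute("Type").endsWith("/relationships/image")
                            && "External".equalsIgnoreCase(r.getAttribute("TargetMode")))
                        found.add(e.getName() + " -> " + r.getAttribute("Target"));
                }
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a zip holding a single relationships part with a placeholder URL.
        String rels = "<Relationships xmlns=\"http://schemas.openxmlformats.org/package/2006/relationships\">"
                + "<Relationship Id=\"rId1\" TargetMode=\"External\" Target=\"https://example.invalid/logo.png\""
                + " Type=\"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image\"/>"
                + "</Relationships>";
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream out = new ZipOutputStream(buf)) {
            out.putNextEntry(new ZipEntry("word/_rels/document.xml.rels"));
            out.write(rels.getBytes(StandardCharsets.UTF_8));
        }
        System.out.println(externalImageTargets(new ByteArrayInputStream(buf.toByteArray())));
    }
}
```

A non-empty result, or any exception from the scan, is a reason to reject or quarantine the file before it reaches the converter.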