N/A

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link (r:link attribute instead of embedded r:embed). The library resolves the URI to a file path and after reading, the content is encoded as base64 and included in the HTML output as a data URI. An attacker can read arbitrary files on the system where the conversion is performed or cause an excessive resources consumption by crafting a docx file that links to special device files such as /dev/random or /dev/zero.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H

对路径名的限制不恰当(路径遍历)

Mammoth 安全漏洞

Mammoth是Michael Williamson个人开发者的一个将Word文档转换为HTML的工具。 mammoth 0.3.25版本和1.11.0之前版本存在安全漏洞，该漏洞源于处理docx文件时缺少路径或文件类型验证，可能导致目录遍历攻击或资源过度消耗。

N/A

N/A