GHSA-4q5v-7g7x-j79w

Source
https://github.com/advisories/GHSA-4q5v-7g7x-j79w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-4q5v-7g7x-j79w/GHSA-4q5v-7g7x-j79w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4q5v-7g7x-j79w
Aliases
  • CVE-2026-46345
Published
2026-05-28T17:44:03Z
Modified
2026-05-28T18:00:08.491110351Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
compliance-trestle - jinja has an Arbitrary File Write via Path Traversal
Details

Relevant Products/Components:

  • trestle/core/commands/author/jinja.py
  • trestle author jinja

Detailed Description:

The -o/--output argument in trestle author jinja allows writing files outside the intended workspace.

The application does not properly validate:

  • ../
  • ..\
  • absolute paths

This allows arbitrary file write to attacker-controlled locations.

Vulnerable code:

output_file = trestle_root / r_output_file

An attacker can overwrite files such as:

  • .github/workflows/*.yml
  • .git/hooks/*
  • user writable config files

This can lead to CI/CD compromise or local code execution.
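The following is an added example and not code from compliance-trestle: it places the bare join quoted above next to a containment check that confines the output path to the workspace root. The names safe_output_path, unchecked_output_path, OutputPathError and demo are this example's own, the probe strings are constructed, and the workspace is a throw-away temporary directory. The hardened function treats a backslash as a separator on every platform, so the Windows-style "..\" traversal from the report is normalized rather than accepted as a literal file name on POSIX, and it refuses absolute paths before resolving.

```python
"""Added example, not code from compliance-trestle: the unchecked join the
advisory quotes beside a containment check that keeps the output path inside
the workspace. safe_output_path, OutputPathError, demo and PROBES are names
chosen for this example.
"""
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath


class OutputPathError(ValueError):
    """Raised when a requested output path would leave the workspace."""

    def __init__(self, reason: str, requested: str):
        super().__init__(f"{reason}: {requested!r}")
        self.reason = reason  # "absolute" or "escape"


def unchecked_output_path(trestle_root: Path, r_output_file: str) -> Path:
    """The pattern the advisory quotes. pathlib drops trestle_root entirely when
    the right-hand side is absolute, and keeps '..' components verbatim."""
    return trestle_root / r_output_file


def safe_output_path(trestle_root: Path, r_output_file: str) -> Path:
    """Resolve the requested name and require the result to stay under trestle_root."""
    # Treat backslashes as separators on every platform, so the Windows-style
    # '..\' traversal is normalized instead of being accepted on POSIX as a
    # single odd-looking file name.
    normalized = r_output_file.replace("\\", "/")
    # Refuse anything rooted elsewhere: POSIX '/x', a Windows drive ('E:\x',
    # or the drive-relative 'E:x'), or a UNC share ('\\server\share\x').
    if PurePosixPath(normalized).is_absolute() or PureWindowsPath(r_output_file).drive:
        raise OutputPathError("absolute", r_output_file)
    root = trestle_root.resolve()
    # resolve() collapses '..' and follows symlinks in the existing prefix, so
    # the containment test runs on the real destination, not on its spelling.
    candidate = (root / normalized).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise OutputPathError("escape", r_output_file) from None
    return candidate


def unchecked_escapes(root: Path, r_output_file: str) -> bool:
    """True when the unchecked join lands outside root once resolved."""
    root = root.resolve()
    try:
        unchecked_output_path(root, r_output_file).resolve().relative_to(root)
        return False
    except ValueError:
        return True


def safe_verdict(root: Path, r_output_file: str) -> str:
    """'ok' when safe_output_path accepts the name, otherwise its rejection reason."""
    try:
        safe_output_path(root, r_output_file)
        return "ok"
    except OutputPathError as exc:
        return exc.reason


# Constructed probes: benign names plus the shapes the advisory says go unchecked.
PROBES = [
    "report.md",
    "subdir/report.md",
    "subdir/../report.md",                  # climbs, but stays inside the workspace
    "../poc.txt",
    "subdir\\..\\..\\..\\..\\..\\poc.txt",  # Windows-style traversal, as in the report
    "/etc/passwd",
    "E:\\poc.txt",
    "\\\\server\\share\\poc.txt",
]


def demo() -> dict:
    """Evaluate every probe against a throw-away workspace.

    Returns probe -> (unchecked join escapes?, safe_output_path verdict).
    """
    root = Path(tempfile.mkdtemp(prefix="trestle-ws-"))
    (root / "subdir").mkdir()
    return {p: (unchecked_escapes(root, p), safe_verdict(root, p)) for p in PROBES}


if __name__ == "__main__":
    for probe, (escapes, verdict) in demo().items():
        print(f"{probe!r:45} unchecked escapes={escapes!s:5} hardened={verdict}")
```

Whether the unchecked join escapes for the backslash probes depends on the platform (on POSIX the backslashes form one file name inside the workspace, on Windows they are separators), which is why the report's reproduction was done on Windows; the hardened verdict is the same everywhere.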


Steps To Reproduce:

  1. Clone the repository:
     git clone https://github.com/oscal-compass/compliance-trestle.git
     cd compliance-trestle
  2. Create template:
     echo "hello" > template.j2
  3. Run:
     trestle author jinja -i template.j2 -o "subdir\..\..\..\..\..\poc.txt"
  4. Observe:
     dir E:\poc.txt

The file is written outside the repository workspace.


Browsers Verified In:

Not browser related.

Tested on:

  • Windows 11
  • Python 3.13

Supporting Material/References:

Affected file:

trestle/core/commands/author/jinja.py

Successfully verified:

  • directory traversal using ../
  • Windows traversal using ..\
  • arbitrary file write outside workspace

Access Vector Required for Exploitation:

Local


Vulnerability Exists in Default Configuration?:

Yes


Is the exploitation trivial or does it involve a multi-step process that may depend on user/victim interaction?:

Trivial. Single command execution.


Exploitation Requires Authentication?:

No


Under what privileges does the vulnerable service or component run?:

Runs with privileges of the user executing the trestle command.

Impact

An attacker can write files outside the intended workspace directory and overwrite sensitive files writable by the current user.

Possible impacts include:

  • overwriting .github/workflows/*.yml to execute attacker-controlled GitHub Actions workflows
  • overwriting .git/hooks/* for local code execution
  • modifying user configuration files such as .bashrc
  • tampering with repository files and generated compliance artifacts

In CI/CD environments, this may result in execution of attacker-controlled commands on build runners.

Database specific
{
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-22",
        "CWE-36",
        "CWE-73"
    ],
    "nvd_published_at": null,
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-28T17:44:03Z"
}
References

Affected packages

PyPI / compliance-trestle

Package

Name
compliance-trestle
Purl
pkg:pypi/compliance-trestle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.0.3

Affected versions

4.*
4.0.0
4.0.1
4.0.2

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-4q5v-7g7x-j79w/GHSA-4q5v-7g7x-j79w.json"

PyPI / compliance-trestle

Package

Name
compliance-trestle
Purl
pkg:pypi/compliance-trestle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.12.2

Affected versions

0.*
0.0.2
0.0.3
0.1.0
0.1.1
0.2.0
0.2.1
0.2.2
0.3.0
0.4.0
0.5.0
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.7.2
0.8.0
0.8.1
0.9.0
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.15.0
0.15.1
0.16.0
0.17.0
0.18.0
0.18.1
0.19.0
0.20.0
0.21.0
0.22.0
0.22.1
0.23.0
0.24.0
0.25.0
0.25.1
0.26.0
0.27.0
0.27.1
0.27.2
0.28.0
0.28.1
0.29.0
0.30.0
0.31.0
0.32.0
0.32.1
0.33.0
0.34.0
0.35.0
0.36.0
0.37.0
1.*
1.0.0rc0
1.0.1
1.0.2
1.1.0
1.2.0
2.*
2.0.0
2.1.0
2.1.1
2.2.0
2.2.1
2.3.0
2.3.1
2.4.0
2.5.0
2.5.1
2.6.0
2.6.1
3.*
3.0.1
3.1.0
3.2.0
3.3.0
3.4.0
3.5.0
3.6.0
3.7.0
3.8.0
3.8.1
3.9.0
3.9.1
3.9.2
3.9.3
3.10.2
3.10.3
3.10.4
3.11.0
3.12.0
3.12.1

Database specific

last_known_affected_version_range
"<= 3.12.1"
source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-4q5v-7g7x-j79w/GHSA-4q5v-7g7x-j79w.json"