GHSA-5xw2-57jx-pgjp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5xw2-57jx-pgjp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-5xw2-57jx-pgjp/GHSA-5xw2-57jx-pgjp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5xw2-57jx-pgjp
- Aliases
-
- CVE-2025-13827
- Published
- 2025-12-02T21:11:33Z
- Modified
- 2025-12-02T21:37:53.759277Z
- Severity
-
- 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
- Summary
- GrapesJsBuilder File Upload allows all file uploads
- Details
-
Summary
Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted.
Impact
If the media folder is not restricted from running files this can lead to a remote code execution.
- Database specific
{ "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-434" ], "nvd_published_at": "2025-12-02T17:16:03Z", "github_reviewed_at": "2025-12-02T21:11:33Z" }- References
Affected packages
Packagist / mautic/grapes-js-builder-bundle
Package
- Name
- mautic/grapes-js-builder-bundle
- Purl
- pkg:composer/mautic/grapes-js-builder-bundle
Packagist / mautic/grapes-js-builder-bundle
Package
- Name
- mautic/grapes-js-builder-bundle
- Purl
- pkg:composer/mautic/grapes-js-builder-bundle
Packagist / mautic/grapes-js-builder-bundle
Package
- Name
- mautic/grapes-js-builder-bundle
- Purl
- pkg:composer/mautic/grapes-js-builder-bundle