GHSA-rmjr-87wv-gf87

Source
https://github.com/advisories/GHSA-rmjr-87wv-gf87
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-rmjr-87wv-gf87/GHSA-rmjr-87wv-gf87.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rmjr-87wv-gf87
Aliases
Published
2025-10-17T06:31:11Z
Modified
2025-10-17T18:27:42.736888Z
Severity
  • 9.3 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
  • 5.4 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H/E:P
Summary
Mammoth is vulnerable to Directory Traversal
Details

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link (an r:link attribute instead of an embedded r:embed). The library resolves the URI to a file path and, after reading it, encodes the content as base64 and includes it in the HTML output as a data URI. An attacker can read arbitrary files on the system where the conversion is performed, or cause excessive resource consumption, by crafting a docx file that links to special device files such as /dev/random or /dev/zero.
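A pre-conversion check for the externally linked images described above, added here as an example and not taken from mammoth itself: it reads the package's word/_rels/document.xml.rels and reports image relationships with TargetMode="External" whose target is not an http(s) URL, which is exactly the case a vulnerable version resolves to a local file path. The build_docx helper and the SAMPLE_RELS relationship XML are constructed test input, not a real document.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# OPC relationship namespace and the image relationship type used by WordprocessingML.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
IMAGE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"
RELS_PART = "word/_rels/document.xml.rels"

def suspicious_external_images(docx_bytes):
    """Return [(rel_id, target), ...] for external image links that are not http(s).

    Hypothetical helper (not part of mammoth). A vulnerable converter would treat
    such a target as a local path, so a defender can reject the file before
    conversion or log the finding.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if RELS_PART not in zf.namelist():
            return findings
        root = ET.fromstring(zf.read(RELS_PART))
    for rel in root.iter(f"{{{REL_NS}}}Relationship"):
        if rel.get("Type") != IMAGE_TYPE or rel.get("TargetMode") != "External":
            continue  # embedded images (r:embed) live inside the package and are not affected
        target = rel.get("Target", "")
        if urlparse(target).scheme.lower() not in ("http", "https"):
            findings.append((rel.get("Id"), target))
    return findings

def build_docx(rels_xml):
    """Constructed minimal docx containing only the parts this check inspects."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(RELS_PART, rels_xml)
    return buf.getvalue()

# Constructed sample: an embedded image, an https link, and two external targets of
# the kind the advisory describes (a device file and a traversal path).
SAMPLE_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{IMAGE_TYPE}" Target="media/image1.png"/>
  <Relationship Id="rId2" Type="{IMAGE_TYPE}" Target="https://example.com/logo.png" TargetMode="External"/>
  <Relationship Id="rId3" Type="{IMAGE_TYPE}" Target="/dev/zero" TargetMode="External"/>
  <Relationship Id="rId4" Type="{IMAGE_TYPE}" Target="../../../../etc/hostname" TargetMode="External"/>
</Relationships>"""

if __name__ == "__main__":
    for rel_id, target in suspicious_external_images(build_docx(SAMPLE_RELS)):
        print(f"{rel_id}: external image target is not http(s): {target}")
```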

Database specific
{
    "nvd_published_at": "2025-10-17T05:15:33Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-17T17:50:00Z"
}
References

Affected packages

npm / mammoth

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.3.25
Fixed
1.11.0

Maven / org.zwobble.mammoth:mammoth

Package

Name
org.zwobble.mammoth:mammoth
Purl
pkg:maven/org.zwobble.mammoth/mammoth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.11.0

Affected versions

0.*

0.0.1
0.0.2
0.0.3
0.0.4

1.*

1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.5.0
1.7.0
1.8.0
1.9.0
1.10.0

PyPI / mammoth

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.3.25
Fixed
1.11.0

Affected versions

0.*

0.3.25
0.3.26
0.3.27
0.3.29
0.3.30
0.3.31

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.5.0
1.5.1
1.6.0
1.7.0
1.7.1
1.8.0
1.9.0
1.9.1
1.10.0

NuGet / Mammoth

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.11.0

Affected versions

0.*

0.0.1
0.0.2

1.*

1.3.1
1.3.2
1.4.0
1.8.0