CVE-2026-46345

HIGH 8.4

compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Published: 5/28/2026
Modified: 5/28/2026
Also known as: GHSA-4q5v-7g7x-j79w

Description

**Relevant Products/Components:**

* `trestle/core/commands/author/jinja.py`
* `trestle author jinja`

---

## Detailed Description:

The `-o/--output` argument in `trestle author jinja` allows writing files outside the intended workspace. The application does not properly validate:

* `../`
* `..\`
* absolute paths

This allows arbitrary file write to attacker-controlled locations.

Vulnerable code:

```python
output_file = trestle_root / r_output_file
```

An attacker can overwrite files such as:

* `.github/workflows/*.yml`
* `.git/hooks/*`
* user-writable config files

This can lead to CI/CD compromise or local code execution.

---

## Steps To Reproduce:

1. Clone the repository:

```bash
git clone https://github.com/oscal-compass/compliance-trestle.git
cd compliance-trestle
```

2. Create a template:

```bash
echo "hello" > template.j2
```

3. Run:

```powershell
trestle author jinja -i template.j2 -o "subdir\..\..\..\..\..\poc.txt"
```

4. Observe:

```powershell
dir E:\poc.txt
```

The file is written outside the repository workspace.

---

## Browsers Verified In:

Not browser related. Tested on:

* Windows 11
* Python 3.13

---

## Supporting Material/References:

Affected file:

```text
trestle/core/commands/author/jinja.py
```

Successfully verified:

* directory traversal using `../`
* Windows traversal using `..\`
* arbitrary file write outside the workspace

---

## Access Vector Required for Exploitation:

Local

---

## Vulnerability Exists in Default Configuration?:

Yes

---

## Is the exploitation trivial or does it involve a multi-step process that may depend on user/victim interaction?:

Trivial. Single command execution.

---

## Exploitation Requires Authentication?:

No

---

## Under what privileges does the vulnerable service or component run?:

Runs with the privileges of the user executing the `trestle` command.

## Impact

An attacker can write files outside the intended workspace directory and overwrite sensitive files writable by the current user.

Possible impacts include:

* overwriting `.github/workflows/*.yml` to execute attacker-controlled GitHub Actions workflows
* overwriting `.git/hooks/*` for local code execution
* modifying user configuration files such as `.bashrc`
* tampering with repository files and generated compliance artifacts

In CI/CD environments, this may result in execution of attacker-controlled commands on build runners.
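The root cause is the unchecked join `trestle_root / r_output_file`. The following is an added illustration of the mitigation, not the project's own patch: a hypothetical `resolve_within_root` helper that rejects absolute paths (POSIX, Windows drive or UNC), any `..` component in either separator style, and any resolved path that lands outside the workspace. `SAMPLE_ROOT` is a constructed workspace path used only for the demo.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath

# Constructed workspace root for the stand-alone demo; not a real path from the advisory.
SAMPLE_ROOT = Path("/tmp/trestle-workspace")


def resolve_within_root(trestle_root: Path, r_output_file: str) -> Path:
    """Return trestle_root / r_output_file only if the result stays inside the root.

    Hypothetical hardening of the `-o/--output` handling; not the project's own fix.
    Rejects absolute paths (POSIX, Windows drive or UNC), any `..` component in
    either separator style, and anything that resolves outside the workspace.
    """
    # Treat backslashes as separators so `..\` is checked exactly like `../`.
    normalised = r_output_file.replace("\\", "/")
    posix_view = PurePosixPath(normalised)
    win_view = PureWindowsPath(r_output_file)
    # Absolute or drive-relative paths (e.g. /tmp/x, C:\x, C:x, //srv/share/x) are never valid outputs.
    if posix_view.is_absolute() or win_view.is_absolute() or win_view.drive:
        raise ValueError(f"absolute output path rejected: {r_output_file!r}")
    # Refuse `..` lexically so the decision does not depend on filesystem state.
    if ".." in posix_view.parts:
        raise ValueError(f"parent-directory traversal rejected: {r_output_file!r}")
    root = trestle_root.resolve()
    candidate = (root / normalised).resolve()
    # Containment check on resolved paths also catches symlinks inside the
    # workspace that point outside it; the root itself is not a valid output file.
    if root not in candidate.parents:
        raise ValueError(f"output path escapes workspace: {r_output_file!r}")
    return candidate


def is_safe_output(trestle_root: Path, r_output_file: str) -> bool:
    """Boolean wrapper for logging or tests: True only when the path is accepted."""
    try:
        resolve_within_root(trestle_root, r_output_file)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in ("subdir/report.md", "subdir\\..\\..\\..\\..\\..\\poc.txt", "/tmp/poc.txt"):
        verdict = "accepted" if is_safe_output(SAMPLE_ROOT, sample) else "rejected"
        print(f"{sample!r}: {verdict}")
```

The same containment check is worth applying to the `-i/--input` template path and any other CLI argument that is joined onto the workspace root.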


CVSS scores

| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
