What is GHSA-4q5v-7g7x-j79w?

GHSA-4q5v-7g7x-j79w is a security advisory published by GitHub Security Advisories with High severity. compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Which CVE IDs does GHSA-4q5v-7g7x-j79w cover?

GHSA-4q5v-7g7x-j79w covers the following CVE IDs: CVE-2026-46345. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-4q5v-7g7x-j79w?

GHSA-4q5v-7g7x-j79w has a CVSS v3 base score of 8.4, published by GitHub Security Advisories.

Which products are affected by GHSA-4q5v-7g7x-j79w?

GHSA-4q5v-7g7x-j79w affects 2 products, including: pip/compliance-trestle:\u003e= 4.0.0, \u003c 4.0.3; pip/compliance-trestle:\u003c= 3.12.1.

GHSA-4q5v-7g7x-j79wHighCVSS 8.4

compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Vendor

GitHub Security Advisories

Published

May 28, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-46345 →

📋 Description

Relevant Products/Components:

trestle/core/commands/author/jinja.py
trestle author jinja

Detailed Description:

The -o/--output argument in trestle author jinja allows writing files outside the intended workspace.

The application does not properly validate:

../
..\
absolute paths

This allows arbitrary file write to attacker-controlled locations.

Vulnerable code:

output_file = trestle_root / r_output_file

An attacker can overwrite files such as:

.github/workflows/*.yml
.git/hooks/*
user writable config files

This can lead to CI/CD compromise or local code execution.

Steps To Reproduce:

Clone the repository:

git clone https://github.com/oscal-compass/compliance-trestle.git
cd compliance-trestle

Create template:

echo "hello" > template.j2

Run:

trestle author jinja -i template.j2 -o "subdir\..\..\..\..\..\poc.txt"

Observe:

dir E:\poc.txt

The file is written outside the repository workspace.

Browsers Verified In:

Not browser related.

Tested on:

Windows 11
Python 3.13

Supporting Material/References:

Affected file:

trestle/core/commands/author/jinja.py

Successfully verified:

directory traversal using ../
Windows traversal using ..\
arbitrary file write outside workspace

Access Vector Required for Exploitation:

Local

Vulnerability Exists in Default Configuration?:

Yes

Is the exploitation trivial or does it involve a multi-step process that may depend on user/victim interaction?:

Trivial. Single command execution.

Exploitation Requires Authentication?:

Under what privileges does the vulnerable service or component run?:

Runs with privileges of the user executing the trestle command.

Impact

An attacker can write files outside the intended workspace directory and overwrite sensitive files writable by the current user.

Possible impacts include:

overwriting .github/workflows/*.yml to execute attacker-controlled GitHub Actions workflows
overwriting .git/hooks/* for local code execution
modifying user configuration files such as .bashrc
tampering with repository files and generated compliance artifacts

In CI/CD environments, this may result in execution of attacker-controlled commands on build runners.

🎯 Affected products2

pip/compliance-trestle:>= 4.0.0, < 4.0.3
pip/compliance-trestle:<= 3.12.1