MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827
MJML before 5.0.0-alpha.9 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.