markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2023-04-04T00:00:00
Updated: 2024-08-02T05:24:34.504Z
Reserved: 2023-02-14T00:00:00
Link: CVE-2023-0835
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-04-04T23:15:07.310
Modified: 2024-11-21T07:37:55.543
Link: CVE-2023-0835
Redhat
No data.