Description
A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java. Such manipulation of the argument fileUrl leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-16
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Directory Traversal
Action: Assess
AI Analysis

Impact

The vulnerability resides in the recognizeMarkdown function of Pdf2MdUtil.java in the taoofagi easegen-admin project. By manipulating the fileUrl argument, an attacker can trigger a path traversal that may allow reading arbitrary files on the server. This weakness, identified as CWE‑22, can compromise the confidentiality of sensitive data. The impact is a potential information disclosure if the file traversal resolves to restricted files.

Affected Systems

The affected application is taoofagi easegen-admin with versions up to commit 8f87936ac774065b92fb20aab55b274a6ea76433. The specific code path is within yudao-module-digitalcourse/util/Pdf2MdUtil.java. No fixed release or version number is provided; the vendor follows rolling releases and has not published an updated version for this issue.

Risk and Exploitability

The CVSS v3.1 score is 5.1, indicating moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The vendor did not release an official fix; the exploit is publicly available and can be launched remotely from an unauthenticated or authenticated request to the recognizeMarkdown endpoint. The risk is moderate, with potential for non‑repudiation and confidentiality compromise if the application is exposed to untrusted input.

Generated by OpenCVE AI on March 17, 2026 at 00:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or repository for a newer release that addresses the path traversal issue.
  • If no patch is available, restrict external access to the recognizeMarkdown functionality, e.g., via network firewall or internal policies.
  • Implement input validation or sanitization on the fileUrl parameter to prevent movement outside the intended directory.
  • Monitor logs for anomalous access to the Pdf2MdUtil functionality and investigate any suspicious activity.
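
One way to implement the fileUrl validation recommended above, shown as an added example that is not code from easegen-admin. The class name, method names and the single base-directory model are hypothetical; it assumes fileUrl is meant to name a file beneath one upload directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
// Hypothetical helper, not part of easegen-admin.
public final class SafeFileResolver {
    private final Path baseDir;
    public SafeFileResolver(Path baseDir) throws IOException {
        // Canonicalise the base once so later prefix checks compare real paths.
        this.baseDir = baseDir.toRealPath();
    }

    /** Resolves a caller-supplied name under baseDir, or throws if it escapes. */
    public Path resolve(String userSupplied) throws IOException {
        if (userSupplied == null || userSupplied.isEmpty()
                || userSupplied.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file reference");
        }
        Path candidate;
        try {
            candidate = baseDir.resolve(userSupplied).normalize();
        } catch (InvalidPathException e) {
            throw new SecurityException("malformed file reference");
        }
        // Lexical check: catches ../ sequences and absolute paths.
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("path escapes base directory");
        }
        // Follow symlinks and re-check, so a link inside baseDir cannot point out.
        Path real = candidate.toRealPath();
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            throw new SecurityException("path escapes base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("uploads"); // constructed sample dir
        Files.write(base.resolve("lesson.pdf"), new byte[] {'%', 'P', 'D', 'F'});
        SafeFileResolver r = new SafeFileResolver(base);
        System.out.println("accepted: " + r.resolve("lesson.pdf").getFileName());
        for (String bad : new String[] {"../../etc/passwd", "/etc/passwd", "a/../../x"}) {
            try { r.resolve(bad); } catch (SecurityException | IOException e) {
                System.out.println("rejected: " + bad);
            }
        }
    }
}
```

Path.startsWith compares whole path elements, so a sibling directory whose name merely begins with the base directory's name does not pass the check, as it would with a string prefix comparison.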



Advisories

No advisories yet.

History

Tue, 17 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Taoofagi
Taoofagi easegen-admin
Vendors & Products Taoofagi
Taoofagi easegen-admin

Mon, 16 Mar 2026 23:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java. Such manipulation of the argument fileUrl leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
Title taoofagi easegen-admin Pdf2MdUtil.java recognizeMarkdown path traversal
Weaknesses CWE-22
References
Metrics cvssV2_0

{'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 2.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-17T13:20:20.802Z

Reserved: 2026-03-16T16:26:14.633Z

Link: CVE-2026-4285

Vulnrichment

Updated: 2026-03-17T13:20:16.491Z

NVD

Status: Awaiting Analysis

Published: 2026-03-17T00:16:19.280

Modified: 2026-03-17T14:20:01.670

Link: CVE-2026-4285

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:49:42Z

Weaknesses