Description
A path traversal vulnerability exists in markdown-pdf versions <9.0.0 that allows a user to insert malicious HTML code, which can result in local files being read.
Remediation
References
https://hackerone.com/reports/360727