Description
A path traversal vulnerability exists in markdown-pdf versions <9.0.0 that allows a user to insert malicious HTML code, which can result in local files being read.
Remediation
References
https://hackerone.com/reports/360727