Description
markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.
Remediation
References
https://fluidattacks.com/advisories/relsb/
https://www.npmjs.com/package/markdown-pdf/
Related Vulnerabilities
CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-javalite
CVE-2017-3203 Vulnerability in maven package org.springframework.flex:spring-flex-core
CVE-2020-8129 Vulnerability in npm package script-manager
CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-persistence-elasticsearch-core