Moderate severityNVD Advisory· Published Jul 20, 2018· Updated Sep 16, 2024
CVE-2018-3770
CVE-2018-3770
Description
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
markdown-pdfnpm | < 9.0.0 | 9.0.0 |
Affected products
2- HackerOne/markdown-pdfv5Range: 9.0.0
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-p7c9-jqhq-vr3vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-3770ghsaADVISORY
- hackerone.com/reports/360727ghsax_refsource_MISCWEB
- www.npmjs.com/advisories/991ghsaWEB
News mentions
0No linked articles in our index yet.