Critical severity · NVD Advisory · Published Dec 10, 2021 · Updated Sep 17, 2024
Remote Code Execution (RCE)
CVE-2021-23639
Description
Versions of the package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) because the package uses the gray-matter library to parse front matter content without disabling the JS engine.
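A pre-conversion check for the condition described above, as an added example (not md-to-pdf's or gray-matter's own code): it reads the engine name from the opening front matter delimiter and rejects documents that request anything other than a data-only format. It assumes gray-matter's default `---` delimiter; the function names, the allowlist and the sample documents are constructed for illustration.

```javascript
// Added example: screen Markdown before handing it to a front matter parser.
// Assumption: the parser uses gray-matter's default '---' delimiter, where the
// text after the opening delimiter names the engine (for example '---json').
// All function names and sample documents are constructed for illustration.

// Data-only engines this (hypothetical) policy accepts.
const ALLOWED_ENGINES = new Set(['yaml', 'yml', 'json']);

// Return the engine named on the opening delimiter line, 'yaml' when no name
// is given, or null when the document does not start with front matter.
function frontMatterEngine(markdown) {
  const text = String(markdown).replace(/^\uFEFF/, ''); // drop a leading BOM
  if (!text.startsWith('---') || text.charAt(3) === '-') return null;
  const firstLine = text.slice(3).split(/\r?\n/, 1)[0];
  const name = firstLine.trim().toLowerCase();
  return name === '' ? 'yaml' : name;
}

// Decide whether a document may be passed on to the converter.
function screenMarkdown(markdown) {
  const engine = frontMatterEngine(markdown);
  if (engine === null) return { ok: true, engine: null };
  return { ok: ALLOWED_ENGINES.has(engine), engine };
}

// Constructed sample documents.
const SAMPLES = {
  plain: '# No front matter\n',
  yaml: '---\ntitle: Report\n---\n# Body\n',
  json: '---json\n{ "title": "Report" }\n---\n# Body\n',
  js: '---js\n{ title: "Report" }\n---\n# Body\n',
  jsVariant: '\uFEFF--- JavaScript \r\n{ title: "Report" }\r\n---\r\n# Body\r\n',
  fourDashes: '----\nnot front matter\n',
};

for (const [label, doc] of Object.entries(SAMPLES)) {
  const { ok, engine } = screenMarkdown(doc);
  console.log(`${label}: engine=${engine} -> ${ok ? 'accept' : 'reject'}`);
}
```

Screening untrusted input this way complements upgrading to 5.0.0, the patched version listed in this advisory.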
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| md-to-pdf (npm) | < 5.0.0 | 5.0.0 |
Affected products
- Range: unspecified
References
- github.com/advisories/GHSA-x949-7cm6-fm6p (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-23639 (GHSA, advisory)
- github.com/simonhaenisch/md-to-pdf/commit/a716259c548c82fa1d3b14a3422e9100619d2d8a (GHSA, x_refsource_MISC, web)
- github.com/simonhaenisch/md-to-pdf/issues/99 (GHSA, x_refsource_MISC, web)
- snyk.io/vuln/SNYK-JS-MDTOPDF-1657880 (GHSA, x_refsource_MISC, web)