Moderate severityNVD Advisory· Published May 17, 2021· Updated Aug 3, 2024

CVE-2021-33041

Description

vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
vmdnpm	<= 1.34.0	—

Affected products

vmd/vmddescription
ghsa-coords
pkg:npm/vmd
Range: <= 1.34.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-pfr3-87q3-65rcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-33041ghsaADVISORY
github.com/yoshuawuyts/vmd/issues/137ghsax_refsource_MISCWEB
www.npmjs.com/package/vmdghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000