VYPR

npm package

electron-markdownify

pkg:npm/electron-markdownify

Vulnerabilities (2)

  • CVE-2022-41710Nov 3, 2022
    affected <= 1.4.1

    Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) an

  • CVE-2022-41709Oct 19, 2022
    affected <= 1.4.1

    Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled.