npm package
markdown-pdf
pkg:npm/markdown-pdf
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-0835 | — | <= 11.0.0 | — | Apr 4, 2023 | markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user. | ||
| CVE-2018-3770 | — | < 9.0.0 | 9.0.0 | Jul 20, 2018 | A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files. |
- CVE-2023-0835Apr 4, 2023affected <= 11.0.0
markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.
- CVE-2018-3770Jul 20, 2018affected < 9.0.0fixed 9.0.0
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.