VYPR

CodiMD

by HedgeDoc

CVEs (2)

  • CVE-2021-29474 | Med | Apr 26, 2021
    risk 0.31 | cvss 4.7 | epss 0.02

    HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to improper input validation, which allows a relative path traversal. To verify if you…

  • CVE-2021-29475 | Cri | Apr 26, 2021
    risk 0.00 | cvss 10.0 | epss 0.01

    HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, this exploit requires the…