Headline
GHSA-qghr-877h-f9jh: markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)
markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)
High severity GitHub Reviewed Published Apr 5, 2023 to the GitHub Advisory Database • Updated Apr 5, 2023
Related news
CVE-2023-0835: markdown-pdf 11.0.0 - Local File Read via Server Side XSS | Advisories | Fluid Attacks
markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.