exploitDog

CVE-2022-41709

Опубликовано: 19 окт. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled.

Ссылки

https://fluidattacks.com/advisories/adams/
Exploit
Third Party Advisory
https://github.com/amitmerchant1990/electron-markdownify
Third Party Advisory
https://fluidattacks.com/advisories/adams/
Exploit
Third Party Advisory
https://github.com/amitmerchant1990/electron-markdownify
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:markdownify_project:markdownify:1.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00077

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-829

Связанные уязвимости

GHSA-c942-mfmp-p4fh

CVSS3: 7.8

github

больше 3 лет назад

Markdownify subject to Remote Code Execution via malicious markdown file

EPSS

Процентиль: 23%

0.00077

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-829