exploitDog

CVE-2023-0835

Опубликовано: 04 апр. 2023

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.

Ссылки

https://fluidattacks.com/advisories/relsb/
Exploit
Third Party Advisory
https://www.npmjs.com/package/markdown-pdf/
Product
https://fluidattacks.com/advisories/relsb/
Exploit
Third Party Advisory
https://www.npmjs.com/package/markdown-pdf/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:markdown-pdf_project:markdown-pdf:11.0.0:*:*:*:*:node.js:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

8.2 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-qghr-877h-f9jh

CVSS3: 7.5

github

почти 3 года назад

markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)

EPSS

Процентиль: 34%

0.00136

Низкий

8.2 High

CVSS3

Дефекты

CWE-79