Описание
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js child_process module when the file is opened.
EPSS
Процентиль: 6%
0.00024
Низкий
7.8 High
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 7.8
github
около 2 месяцев назад
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands through Node.js child_process module when the file is opened.
EPSS
Процентиль: 6%
0.00024
Низкий
7.8 High
CVSS3
Дефекты
CWE-94