CVE-2024-7738

Опубликовано: 13 авг. 2024

Источник: nvd

CVSS3: 3.3

CVSS3: 7.8

CVSS2: 1.7

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md
Broken Link
https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4
Broken Link
https://vuldb.com/?ctiid.274358
Permissions Required
https://vuldb.com/?id.274358
Third Party Advisory
https://vuldb.com/?submit.385634
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yzane:markdown_pdf:1.5.0:*:*:*:*:visual_studio_code:*:*

EPSS

Процентиль: 50%

0.00268

Низкий

3.3 Low

CVSS3

7.8 High

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-21

CWE-22

Связанные уязвимости

GHSA-4r4v-2j2q-ch33

CVSS3: 3.3

github

больше 1 года назад

EPSS

Процентиль: 50%

0.00268

Низкий

3.3 Low

CVSS3

7.8 High

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-21

CWE-22