Количество 2
Количество 2
CVE-2025-65108
md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process of md-to-pdf library, resulting in remote code execution. This issue has been patched in version 5.2.5.
GHSA-547r-qmjm-8hvw
md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-65108 md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process of md-to-pdf library, resulting in remote code execution. This issue has been patched in version 5.2.5. | CVSS3: 10 | 0% Низкий | 3 месяца назад |
| GHSA-547r-qmjm-8hvw md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter | CVSS3: 10 | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу