CVE-2023-0835
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.4%
markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| markdown-pdf_project:markdown-pdf | markdown-pdf project markdown-pdf | eq | 11.0.0 |
CNA Affected
[
{
"vendor": "n/a",
"product": "markdown-pdf",
"versions": [
{
"version": "11.0.0",
"status": "affected"
}
]
}
]Related
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.4%