Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the “nodeIntegration” option enabled.
[
{
"vendor": "n/a",
"product": "Markdownify",
"versions": [
{
"version": "1.4.1",
"status": "affected"
}
]
}
]