Lucene search
GitHub Advisory DatabaseGHSA-QGHR-877H-F9JHHistoryApr 05, 2023 - 12:30 a.m.
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)
2023-04-0500:30:38
CWE-79
GitHub Advisory Database
github.com
12
xss
server side
remote obtain
arbitrary local files
validation
markdown content
version 11.0.0
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
0.002 Low
EPSS
Percentile
56.4%
markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.
Affected configurations
Node
markdownpdfRange≤11.0.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| markdown-pdf | le | 11.0.0 |
Related
cvelist
cvelist
CVE-2023-0835
2023-04-04 00:00:00
osv
osv
cve
cve
CVE-2023-0835
2023-04-04 23:15:07
nvd
nvd
CVE-2023-0835
2023-04-04 23:15:07
prion
prion
Xxe
2023-04-04 23:15:00
veracode
veracode
Arbitrary File Read
2023-04-17 11:55:46
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
0.002 Low
EPSS
Percentile
56.4%
Related for GHSA-QGHR-877H-F9JH