Lucene search
GoogleOSV:GHSA-QGHR-877H-F9JHHistoryApr 05, 2023 - 12:30 a.m.
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)
2023-04-0500:30:38
Google
osv.dev
15
server side cross-site scripting
local file read
application vulnerability
markdown content validation
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
0.002 Low
EPSS
Percentile
56.4%
markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| markdown-pdf | le | 11.0.0 |
Related
github
github
cvelist
cvelist
CVE-2023-0835
2023-04-04 00:00:00
cve
cve
CVE-2023-0835
2023-04-04 23:15:07
nvd
nvd
CVE-2023-0835
2023-04-04 23:15:07
prion
prion
Xxe
2023-04-04 23:15:00
veracode
veracode
Arbitrary File Read
2023-04-17 11:55:46
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
0.002 Low
EPSS
Percentile
56.4%
Related for OSV:GHSA-QGHR-877H-F9JH