Lucene search

K

Markdownify Security Vulnerabilities

cve
cve

CVE-2022-41710

Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not...

5.5CVSS

5.3AI Score

0.001EPSS

2022-11-03 08:15 PM
29
4
cve
cve

CVE-2022-41709

Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option...

7.8CVSS

7.8AI Score

0.001EPSS

2022-10-19 05:15 PM
37
3