3 matches found
@bitacode/apispecmd-ts (=0.0.2), @cjser/gulp-markdown-pdf (=9.0.0-cjser.2) +63 more potentially affected by CVE-2018-3770 via markdown-pdf (>=0.1.1 <=8.1.1)
markdown-pdf NPM version =0.1.1, =1.0.0, =1.0.0, =1.0.6, =1.2.151, =1.0.1, =1.17.0, =2.0.0, =0.1.0, =2.0.0, =2.1.0 and more
Source CVEs: CVE-2018-3770
Source advisory: OSV:GHSA-P7C9-JQHQ-VR3V...
CVE-2018-3770
A path traversal exists in markdown-pdf version 9.0.0 that allows a user to insert malicious HTML code that can result in reading the local files...
CVE-2018-3770
markdown-pdf versions prior to 9.0.0 are vulnerable to path traversal and potential remote code execution due to insufficient sanitization of HTML in Markdown files. Concrete details across multiple connected documents show that injecting malicious HTML can lead to reading local files and, in som...