3 matches found
Exploit for CVE-2021-23639
Overview md-to-pdf is a CLI tool for converting Markdown fil...
@bitacode/apispecmd-ts (>=0.0.1 <=0.1.2), @layer0/node-license-report (>=0.0.0 <=0.0.3) +13 more potentially affected by CVE-2021-23639 via md-to-pdf (>=2.8.2 <=4.1.0)
md-to-pdf NPM version =2.8.2, =0.0.1, =0.0.0, =0.0.2, =0.0.2, =0.7.2, =1.0.1, =0.2.0, =0.1.0, =1.1.0, =0.2.0, =1.5.0, =1.10.0, =1.0.0, =0.0.2, =0.0.10 Source cves: CVE-2021-23639 Source advisory: OSV:GHSA-X949-7CM6-FM6P...
CVE-2021-23639 Remote Code Execution (RCE)
The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine...