2 matches found
CVE-2021-29474
HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...
CVE-2021-29474
CVE-2021-29474 affects HedgeDoc (CodiMD). The vulnerability allows a relative path traversal via an improper input validation in the note creation flow: an URL-encoded alias is passed through the router into noteController.showNote, then into findNote/parseNoteId, ultimately using a possibly unva...