3 matches found
CVE-2021-29475
HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability t...
CVE-2021-29475
HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability t...
CVE-2021-29475
CVE-2021-29475 affects HedgeDoc (formerly CodiMD). The vulnerability allows an attacker who can modify a note to cause the system to export the note to PDF in a way that reads arbitrary files from the server’s filesystem (including config.json and other sensitive data) via file:/// references use...