3 matches found
CVE-2022-40276
Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not properly valida...
CVE-2022-40276
Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not properly valida...
CVE-2022-40276
The CVE-2022-40276 entry concerns Zettlr 2.3.0, where viewing a malicious Markdown file can lead to remote disclosure of arbitrary local files on the client. The root cause cited across sources is weak or missing Content Security Policy (CSP) and/or insufficient validation of Markdown content bef...