2 matches found
CVE-2023-32309 Arbitrary file inclusion with the pymdowm-snippets extension
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...
CVE-2023-32309
CVE-2023-32309 affects PyMdown Extensions (Python-Markdown extensions) and specifically the Snippets feature. The vulnerability allows arbitrary file read via include-file syntax and directory-tr traversal beyond a configured base path, e.g. paths like /etc/passwd or /proc/self/environ can be exp...