Arbitrary Code Injection
md-to-pdf is vulnerable to Arbitrary Code Injection. The vulnerability is due to a Markdown front-matter block that contains JavaScript delimiter, where the JS engine in gray-matter library executes arbitrary code in the Markdown to PDF converter process of md-to-pdf library, and attackers can...