
5 matches found

Veracode
added 2026/03/12 6:24 p.m., 8 views

Arbitrary Code Injection

md-to-pdf is vulnerable to Arbitrary Code Injection. The vulnerability is due to a Markdown front-matter block that contains a JavaScript delimiter, where the JS engine in the gray-matter library executes arbitrary code in the Markdown to PDF converter process of the md-to-pdf library, and attackers can...

10 CVSS, 7.8 AI score, 0.00896 EPSS
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2025/12/18 6:45 p.m., 6 views

Arbitrary Code Injection

Overview: tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Arbitrary Code Injection via the improper use of gray-matter package. An attacker can execute arbitrary code on the server by submitti...

8.6 CVSS, 8 AI score, 0.00393 EPSS
Exploits: 1, References: 2
Github Security Blog
added 2025/12/18 6:45 p.m., 102 views

tinacms is vulnerable to arbitrary code execution

Summary: tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details: The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

8.8 CVSS, 8.3 AI score, 0.00393 EPSS
Exploits: 1, References: 4, Affected Software: 3
OSV
added 2025/12/18 6:45 p.m., 1 views

GHSA-529F-9QWM-9628 tinacms is vulnerable to arbitrary code execution

Summary: tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details: The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

8.6 CVSS, 6.6 AI score, 0.00393 EPSS
Exploits: 1, References: 4
NVD
added 2025/11/21 10:16 p.m., 7 views

CVE-2025-65108

md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains a JavaScript delimiter causes the JS engine in the gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...

10 CVSS, 0.00896 EPSS
Exploits: 0, References: 2