5 matches found
Arbitrary Code Injection
md-to-pdf is vulnerable to Arbitrary Code Injection. The vulnerability is due to a Markdown front-matter block that contains JavaScript delimiter, where the JS engine in gray-matter library executes arbitrary code in the Markdown to PDF converter process of md-to-pdf library, and attackers can...
Arbitrary Code Injection
Overview tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Arbitrary Code Injection via the improper use of gray-matter package. An attacker can execute arbitrary code on the server by submitti...
tinacms is vulnerable to arbitrary code execution
Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...
GHSA-529F-9QWM-9628 tinacms is vulnerable to arbitrary code execution
Summary tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details The gray-matter package executes by default the code in the markdown file's front matter. tinacms...
CVE-2025-65108
md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process o...