65 matches found
CVE-2025-59940 mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
mkdocs-include-markdown-plugin is an MkDocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8...
Improper Neutralization of Escape Characters
Overview: mkdocs-include-markdown-plugin is an MkDocs Markdown includer plugin. Affected versions of this package are vulnerable to Improper Neutralization of Escape Characters in the placeholder substitution process. An attacker can cause unintended modifications to output or disrupt application...
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
Impact: CWE-20: Improper Input Validation. Low impact. Patches: Patched in v7.1.8 (commit https://github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915). Workarounds: No...
GHSA-V39M-5M9J-M9W9 mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
Impact: CWE-20: Improper Input Validation. Low impact. Patches: Patched in v7.1.8 (commit https://github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915). Workarounds: No...
Linux Distros Unpatched Vulnerability : CVE-2021-40978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the...
Malicious code in mkdocs-material (npm)
Source: ghsa-malware (2e8872e6e833db36b43b1b63f9aa1324d6d0f193b0a0a1e352bf104215f00d4e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1671 Malicious code in mkdocs-material (npm)
Source: ghsa-malware (2e8872e6e833db36b43b1b63f9aa1324d6d0f193b0a0a1e352bf104215f00d4e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Directory traversal in mkdocs
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information...
mkdocs-protobuf (>=0.0.1 <=0.0.8), mkdocs-semos-plugin (>=0.1.1 <=0.1.3) +1 more potentially affected by CVE-2021-40978 via mkdocs (=1.2.2)
mkdocs PYPI version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on mkdocs and may be impacted: - mkdocs-protobuf =0.0.1, =0.1.1, =0.1.1, =0.1.5 Source cves: CVE-2021-40978 Source advisory: OSV:GHSA-QH9Q-34H6-HCV9...
GHSA-QH9Q-34H6-HCV9 Directory traversal in mkdocs
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information...
CVE-2021-40978
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1...
CVE-2021-40978
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1...
DEBIAN-CVE-2021-40978
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1...
CVE-2021-40978
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1...
PYSEC-2021-878
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1...
Directory traversal
DISPUTED: The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and...
mkdocs-protobuf (>=0.0.1 <=0.0.8), mkdocs-semos-plugin (>=0.1.1 <=0.1.3) +1 more potentially affected by CVE-2021-40978 via mkdocs (=1.2.2)
mkdocs PYPI version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on mkdocs and may be impacted: - mkdocs-protobuf =0.0.1, =0.1.1, =0.1.1, =0.1.5 Source cves: CVE-2021-40978 Source advisory: OSV:PYSEC-2021-878...
UBUNTU-CVE-2021-40978
DISPUTED: The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and...
PYSEC-2021-878
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1...
CVE-2021-40978
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1...