2 matches found
CVE-2025-58358 Markdownify is vulnerable to command injection through pptx-to-markdown tool
Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands...
GHSA-45QJ-4XQ3-3C45 mcp-markdownify-server vulnerable to command injection in pptx-to-markdown tool
Summary: A command injection vulnerability exists in the mcp-markdownify-server MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remot...