5 matches found
CVE-2026-24741
ConvertX is a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences (e.g., ../), an attacker can...
CVE-2023-50424
SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
PT-2023-33076 · Comrak +1
Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0 Description: The issue is related to an overly large response triggered by a large number of references in a markdown document. This is due to an upstream cmark issue. Recommendations: For versions prior to...
Comrak Resource Management Error Vulnerability
Comrak is a CommonMark+GFM-compatible Markdown parser and renderer from the individual developer Asherah Connor. A resource management error vulnerability exists in versions of comrak prior to 0.17.0, which stems from a denial of service attack when parsing Markdown with Comrak...
PT-2023-21863 · Comrak
Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0 Description: The issue arises when a Comrak AST is constructed manually and then converted to HTML, as the HTML formatting code assumes the AST is well-formed. This assumption can be violated if the AST contain...