CVE-2023-44141

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file...

CVE-2023-44141

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file...

CVE-2023-44141

Inkdrop (Markdown editor) is affected by CVE-2023-44141. Prior to version 5.6.0, a local attacker can cause arbitrary code execution by convincing a legitimate user to open a specially crafted Markdown file. Root cause is a code injection vulnerability in the handling of Markdown content. Impact ...

Node.js third-party modules: [ascii-art] Command injection

I would like to report a command injection vulnerability in the ascii-art npm module. It allows arbitrary shell command execution through a maliciously crafted command line argument. Module module name: ascii-art version: 1.4.3 npm page: https://www.npmjs.com/package/ascii-art Module Description...

Node.js third-party modules: [general-file-server] Path Traversal vulnerability allows to read content on arbitrary file on the server

Hi Guys, There is Path Traversal in general-file-server module. It allows to read content of arbitrary files on the remote server. Module general-file-server This is a general file server made by nodejs. It will be easy for you to access the files on the server through the browser...

February 2016 Security Release Summary

February 2016 Security Release Summary Two weeks ago we announced the planned release of updates to all active release lines, v0.10, v0.12, v4 and v5, to fix HTTP related vulnerabilities and to upgrade the bundled versions of OpenSSL. Upon release of the OpenSSL updates we posted an impact...