2 matches found
CVE-2022-45025
Markdown Preview Enhanced for VSCode and Atom (versions 0.6.5–0.19.6) contains a command-injection vulnerability via the PDF file import function. The Red Hat/GH reports describe an OS command injection via spawn with shell: true in the Mume library (pdf.ts), enabling arbitrary code execution if ...
CVE-2022-45026
Markdown Preview Enhanced for VSCode and Atom (versions 0.6.5–0.19.6) contains a command-injection flaw during the GFM export process. The root cause is an issue in how the extension handles GFM export, allowing arbitrary commands to be executed by an attacker. A PoC exploit is indicated in the c...