CVE-2021-23639
md-to-pdf before 5.0.0 is vulnerable to Remote Code Execution via gray-matter parsing of front matter without disabling the JS engine. Affected tool is the CLI md-to-pdf (Simonhaenisch) with PoC demonstrations and Snyk/Snyk-like advisories confirming RCE risk. The root cause is executing embedded...