Veracode Vulnerability Database: VERACODE:33283
History: Dec 13, 2021 - 3:06 a.m.

Remote Code Execution (RCE)

sca.analysiscenter.veracode.com
Tags: remote code execution, vulnerable software, js engine

EPSS: 0.024 (percentile: 90.0%)

md-to-pdf is vulnerable to remote code execution. The library does not disable the JS engine by default when it uses gray-matter to parse front matter content, allowing an attacker to execute code remotely through the JS engine.

Affected configurations

Node: md-to-pdf, Range: 4.1.0

Vendor: *
Product: md-to-pdf
Version: *
CPE: cpe:2.3:a:*:md-to-pdf:*:*:*:*:*:*:*:*