Versions of markdown-pdf prior to 9.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize HTML code in markdown files. If a markdown file containing malicious HTML is converted to PDF, the resulting PDF file will execute any JavaScript code in the original markdown file. This may allow attackers to execute code remotely.
Upgrade to version 9.0.0 or later.
CPE

Name | Operator | Version |
---|---|---|
markdown-pdf | lt | 9.0.0 |
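
To check a project against the affected range above, this added example (not part of the advisory or of the markdown-pdf project) scans a parsed npm lockfile for markdown-pdf installs below 9.0.0, including copies pulled in transitively. The sample lockfiles, their versions, and the package names `docs-site` and `report-tool` are constructed for illustration.

```javascript
// Added example: flag markdown-pdf installs below the fixed release (9.0.0).
// Handles lockfileVersion 1 (nested "dependencies") and lockfileVersion 2/3
// (flat "packages" keyed by install path).
const PACKAGE = "markdown-pdf";
const FIXED = [9, 0, 0];

// True when the version sorts below 9.0.0. Unparseable versions are reported
// as affected so that they get a manual look.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version));
  if (!m) return true;
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return Boolean(m[4]); // a 9.0.0 pre-release sorts before 9.0.0
}

// Return [{ path, version }] for every affected copy in a parsed lockfile.
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const isTarget = path.endsWith("node_modules/" + PACKAGE);
      if (isTarget && !meta.link && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PACKAGE && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "docs-site", version: "1.0.0" },
  "node_modules/markdown-pdf": { version: "8.1.1" },
  "node_modules/report-tool/node_modules/markdown-pdf": { version: "9.0.0" } } };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: { "report-tool": {
  version: "2.0.0", dependencies: { "markdown-pdf": { version: "7.0.0" } } } } };
```

In a real project, pass `findAffected` the result of `JSON.parse` on the contents of `package-lock.json`; any entry it returns should be upgraded to 9.0.0 or later.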