7.4 High
AI Score
Confidence
High
0.019 Low
EPSS
Percentile
88.6%
The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine.
github.com/simonhaenisch/md-to-pdf/commit/a716259c548c82fa1d3b14a3422e9100619d2d8a
github.com/simonhaenisch/md-to-pdf/issues/99
snyk.io/vuln/SNYK-JS-MDTOPDF-1657880