Vulnerabilities > CVE-2022-41709 - Unspecified vulnerability in Markdownify Project Markdownify 1.4.1

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

markdownify-project

NVD

Published: 2022-10-19

Updated: 2022-10-20

Summary

Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled.

Vulnerable Configurations

Part	Description	Count
Application	Markdownify_Project Markdownify Project Markdownify 1.4.1	1

References

https://github.com/amitmerchant1990/electron-markdownify
https://fluidattacks.com/advisories/adams/