Gửi #385634: yzane Markdown PDF Vscode Extension 1.5.0 Pathname Traversalthông tin

tiêu đềyzane Markdown PDF Vscode Extension 1.5.0 Pathname Traversal
Mô tảThe yzane Markdown PDF VS Code extension version 1.5.0 is vulnerable due to a failure to properly validate and sanitize file paths included in user-provided Markdown files. This issue allows unauthorized access to sensitive files on the system, which can subsequently be rendered into the PDF format. Marketplace: https://marketplace.visualstudio.com/items?itemName=yzane.markdown-pdf Repository: https://github.com/yzane/vscode-markdown-pdf
Nguồn⚠️ https://github.com/abhi-ingle/Vulnerability-Research/tree/main/POC/Arbitrary%20File%20Read
Người dùng
 abhi-ingle (UID 72986)
Đệ trình04/08/2024 14:05 (cách đây 2 những năm)
Kiểm duyệt13/08/2024 16:03 (9 days later)
Trạng tháiđược chấp nhận
Mục VulDB274358 [yzane vscode-markdown-pdf 1.5.0 Markdown File duyệt thư mục]
điểm20

Interested in the pricing of exploits?

See the underground prices here!