A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md | Broken Link |
https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4 | Broken Link |
https://vuldb.com/?ctiid.274358 | Permissions Required |
https://vuldb.com/?id.274358 | Third Party Advisory |
https://vuldb.com/?submit.385634 | Third Party Advisory |
Configurations
History
13 Sep 2024, 16:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md - Broken Link | |
References | () https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4 - Broken Link | |
References | () https://vuldb.com/?ctiid.274358 - Permissions Required | |
References | () https://vuldb.com/?id.274358 - Third Party Advisory | |
References | () https://vuldb.com/?submit.385634 - Third Party Advisory | |
First Time |
Yzane
Yzane markdown Pdf |
|
CVSS |
v2 : v3 : |
v2 : 1.7
v3 : 7.8 |
CWE | CWE-22 | |
CPE | cpe:2.3:a:yzane:markdown_pdf:1.5.0:*:*:*:*:vscode:*:* |
13 Aug 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-13 19:15
Updated : 2024-09-13 16:03
NVD link : CVE-2024-7738
Mitre link : CVE-2024-7738
CVE.ORG link : CVE-2024-7738
JSON object : View
Products Affected
yzane
- markdown_pdf