CVE-2024-7738

A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:yzane:markdown_pdf:1.5.0:*:*:*:*:vscode:*:*

History

13 Sep 2024, 16:03

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en yzane vscode-markdown-pdf 1.5.0 y clasificada como problemática. Una función desconocida del componente Markdown File Handler es afectada por esta vulnerabilidad. La manipulación conduce a pathname traversal. Atacar localmente es un requisito. El exploit ha sido divulgado al público y puede utilizarse.
References () https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md - () https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md - Broken Link
References () https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4 - () https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4 - Broken Link
References () https://vuldb.com/?ctiid.274358 - () https://vuldb.com/?ctiid.274358 - Permissions Required
References () https://vuldb.com/?id.274358 - () https://vuldb.com/?id.274358 - Third Party Advisory
References () https://vuldb.com/?submit.385634 - () https://vuldb.com/?submit.385634 - Third Party Advisory
First Time Yzane
Yzane markdown Pdf
CVSS v2 : 1.7
v3 : 3.3
v2 : 1.7
v3 : 7.8
CWE CWE-22
CPE cpe:2.3:a:yzane:markdown_pdf:1.5.0:*:*:*:*:vscode:*:*

13 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 19:15

Updated : 2024-09-13 16:03


NVD link : CVE-2024-7738

Mitre link : CVE-2024-7738

CVE.ORG link : CVE-2024-7738


JSON object : View

Products Affected

yzane

  • markdown_pdf
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-21

DEPRECATED: Pathname Traversal and Equivalence Errors