Description
A path traversal vulnerability exists in markdown-pdf versions <9.0.0 that allows a user to insert malicious HTML code, which can result in local files being read.
Remediation
References
https://hackerone.com/reports/360727