Description
A path traversal vulnerability exists in markdown-pdf versions <9.0.0 that allows a user to insert malicious HTML code, which can result in local files being read.
Remediation
References
https://hackerone.com/reports/360727
Related Vulnerabilities
CVE-2019-20444 Vulnerability in maven package io.netty:netty-codec-http
CVE-2022-36099 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2018-3743 Vulnerability in npm package hekto
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.12