Description
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
Remediation
References
https://hackerone.com/reports/360727
Related Vulnerabilities
CVE-2023-23936 Vulnerability in npm package undici
CVE-2016-10540 Vulnerability in maven package org.webjars.npm:minimatch
CVE-2016-10528 Vulnerability in npm package restafary
CVE-2018-1000863 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-22665 Vulnerability in maven package org.apache.jena:jena-arq