Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 10/12/2021 Updated: 14/12/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The package md-to-pdf prior to 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine.

Vulnerable Product	Search on Vulmon	Subscribe to Product
markdown to pdf project markdown to pdf

WEB Templeted Flask/Jinja2 Template Injection Flask/Jinja2 Template Injection Payload: <ip_address>/{{requestapplication__globals____builtins____import__('os')popen('cat flagtxt'))read()}} Phonebook LDAP Injection Bypass login using *:* credentials Get reese's password -> flag:

NVD-CWE-noinfo https://github.com/simonhaenisch/md-to-pdf/commit/a716259c548c82fa1d3b14a3422e9100619d2d8a https://snyk.io/vuln/SNYK-JS-MDTOPDF-1657880 https://github.com/simonhaenisch/md-to-pdf/issues/99 https://nvd.nist.gov https://github.com/itsmiki/hackthebox-web-challenge-payloads

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-23639

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect