Nixpkgs Security Tracker

Dismissed

Permalink CVE-2021-47837

7.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 2 months ago by @LeSuisse Activity log

Created automatic suggestion 2 months ago
@LeSuisse removed
2 packages
- python312Packages.markdownify
- python313Packages.markdownify
2 months ago
@LeSuisse dismissed 2 months ago

Markdownify 1.2.0 - Persistent Cross-Site Scripting

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution.

References

Markdownify GitHub Repository product
Proof of Concept Video exploit
VulnCheck Advisory: Markdownify 1.2.0 - Persistent Cross-Site Scripting third-party-advisory
ExploitDB-49835 exploit
https://www.vulncheck.com/advisories/markdownify-persistent-cross-site-scripting exploit

Affected products

Markdownify

==1.2.0

Impacted software not present in nixpkgs

Suggestion detail

References

Affected products