Nixpkgs security tracker
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
BentoPDF: Stored XSS via Markdown Editor Leading to Persistent File Exfiltration
BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8.3.
References
-
https://github.com/alam00000/bentopdf/security/advisories/GHSA-6vh8-4frx-647f x_refsource_CONFIRM
-
https://github.com/alam00000/bentopdf/releases/tag/v2.8.3 x_refsource_MISC
Affected products
bentopdf
- ==< 2.8.3
Package maintainers
-
@Stunkymonkey Felix Bühler <account@buehler.rocks>
-
@charludo Charlotte Harludo <github@charlotteharludo.com>