Vulnerability Details CVE-2018-3770
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
Products affected by CVE-2018-3770
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:0.0.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:0.1.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:0.1.1
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:0.2.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:0.2.1
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:0.3.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:0.4.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:0.4.1
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:1.0.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:1.0.1
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:1.1.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:1.1.1
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:1.2.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:2.0.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:2.1.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:2.2.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:3.0.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:3.0.1
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:3.0.2
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:3.1.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:4.0.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:4.0.1
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:5.0.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:5.1.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:5.1.1
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:5.2.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:5.3.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:6.0.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:7.0.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:8.0.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:8.1.0
-
cpe:2.3:a:markdown-pdf_project:markdown-pdf:8.1.1