CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-41709

Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.1%

CVSS Severity

CVSS v3 Score 7.8

References

https://fluidattacks.com/advisories/adams/
https://github.com/amitmerchant1990/electron-markdownify
https://fluidattacks.com/advisories/adams/
https://github.com/amitmerchant1990/electron-markdownify

Products affected by CVE-2022-41709

Markdownify Project » Markdownify » Version: 1.4.1

cpe:2.3:a:markdownify_project:markdownify:1.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41709

Products

Pricing

Contact Us