Markdown Preview Enhanced for VSCode: RCE via PDF import (CVE-2022-45025)

Yurii Sanin

The PDF import functionality is vulnerable to OS command injection because the external command is run with the `shell` option enabled. This could allow an attacker to inject OS commands through the `pdfFilePath` variable.

Plugin: https://marketplace.visualstudio.com/items?itemName=shd101wyy.markdown-preview-enhanced
CVE: https://github.com/yuriisanin/CVE-2022-45025
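
An added illustration of the `shell` option behaviour described above (not code from the extension or from the advisory): `echo` stands in for the external PDF converter, and the function names and the sample path are assumptions constructed for the example. It assumes a POSIX system.

```javascript
const { spawnSync } = require('node:child_process');
const path = require('node:path');

// Stand-in for the external PDF converter (assumption): echo prints the
// arguments it received, one call per output line.
const CONVERTER = 'echo';

// Vulnerable pattern: with shell: true Node joins the command and its
// arguments into one string and hands it to /bin/sh -c, so shell
// metacharacters inside the path are parsed as syntax.
function convertWithShell(pdfFilePath) {
  const r = spawnSync(CONVERTER, [pdfFilePath], { shell: true, encoding: 'utf8' });
  if (r.error) throw r.error;
  return r.stdout.trim().split('\n');
}

// Hardened pattern: no shell, so the path reaches the converter as exactly
// one argv element. path.resolve() makes it absolute, so a name starting
// with "-" cannot be read as an option either.
function convertWithoutShell(pdfFilePath) {
  const abs = path.resolve(pdfFilePath);
  const r = spawnSync(CONVERTER, [abs], { shell: false, encoding: 'utf8' });
  if (r.error) throw r.error;
  return r.stdout.trim().split('\n');
}

// Constructed input: a file name that carries a harmless second command.
const SAMPLE_PATH = 'report.pdf; echo INJECTED';

console.log('shell: true  ->', convertWithShell(SAMPLE_PATH));
console.log('shell: false ->', convertWithoutShell(SAMPLE_PATH));
```

With the shell enabled the converter sees only `report.pdf` and the rest of the name runs as a second command; without it the whole string arrives as a single file name.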