Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the nodeIntegration option enabled.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gridea | Gridea | 0.9.3 (including) | 0.9.3 (including) |