Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the nodeIntegration option enabled.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Markdownify | Markdownify_project | 1.4.1 (including) | 1.4.1 (including) |