Unknown · Markdownify · CVE-2025-58358
**Name of the Vulnerable Software and Affected Versions**
Markdownify versions prior to 0.0.2
**Description**
Markdownify is a Model Context Protocol server for converting content to Markdown. Versions prior to 0.0.2 contain a command injection issue caused by the unsanitized use of input parameters within a call to `child_process.exec`. The server constructs and executes shell commands using unvalidated user input directly within command-line strings, which makes shell metacharacter injection possible. Successful exploitation can lead to remote code execution under the server process's privileges.
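The pattern described above next to a shell-free call, as an added example that is not Markdownify's own code. The function names are hypothetical and `echo` stands in for the real converter binary; a POSIX system is assumed.

```javascript
// Added example; convertUnsafe/convertSafe are hypothetical names and
// `echo` is a stand-in for the converter the server would launch.
const { execSync, execFileSync } = require('node:child_process');

// Vulnerable pattern: the input is spliced into a string that a shell parses,
// so metacharacters in filePath become shell syntax instead of data.
function convertUnsafe(filePath) {
  return execSync(`echo converting ${filePath}`, { encoding: 'utf8' }).trim();
}

// Hardened pattern: no shell is involved. The program and every argument are
// separate argv entries, so filePath reaches the program as one literal string.
function convertSafe(filePath) {
  if (typeof filePath !== 'string' || filePath.length === 0 || filePath.includes('\0')) {
    throw new TypeError('filePath must be a non-empty string without NUL bytes');
  }
  // Avoiding the shell does not stop option injection, so reject a leading "-".
  if (filePath.startsWith('-')) {
    throw new TypeError('filePath must not look like a command-line option');
  }
  return execFileSync('echo', ['converting', filePath], {
    encoding: 'utf8',
    shell: false,   // the default, stated explicitly so it is not changed by accident
    timeout: 5000,  // bound the run time of the child process
  }).trim();
}

// Constructed input: a file name followed by a harmless marker command.
const hostile = 'report.pdf; echo INJECTED';

// Count output lines: a second line means the shell ran the trailing command.
function outputLines(fn, input) {
  return fn(input).split('\n').length;
}

console.log('exec (shell):   ', JSON.stringify(convertUnsafe(hostile)));
console.log('execFile (argv):', JSON.stringify(convertSafe(hostile)));
```

With `convertUnsafe` the marker appears on its own output line because the shell ran it as a second command; with `convertSafe` the whole input comes back as a single literal argument.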
**Recommendations**
Update to version 0.0.2 or later.