D0C-S4Vage

#27291 of 53,633
9.3 Total CVSS
Vulnerabilities · 1
PT-2020-14329
9.3
2020-10-26
Lookatme · Lookatme · CVE-2020-15271
**Name of the Vulnerable Software and Affected Versions**

lookatme versions prior to 2.3.0

**Description**

The issue affects users who render untrusted markdown with lookatme, potentially allowing malicious shell commands to be automatically run on their system. This is due to the automatic loading of the built-in "terminal" and "file loader" extensions in affected versions.

**Recommendations**

For versions prior to 2.3.0, upgrade to version 2.3.0 or above. As a temporary workaround, consider manually deleting the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files. It is also recommended to be aware of what is being rendered with lookatme to minimize potential risks.