PT-2018-16188 · Npm · Markdown-Pdf

Published: 2018-07-20 · Updated: 2023-02-28 · CVE-2018-3770

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

markdown-pdf versions prior to 9.0.0

Description

A path traversal issue in markdown-pdf allows users to insert malicious HTML code, potentially resulting in the reading of local files. The package fails to sanitize HTML code in markdown files, which can lead to remote code execution when markdown files containing malicious HTML are converted to PDF. This may allow attackers to execute remote code if the resulting PDF file contains JavaScript code from the original markdown file.

Recommendations

If you are running a version prior to 9.0.0, upgrade to version 9.0.0 or later.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2018-3770
GHSA-P7C9-JQHQ-VR3V

Affected Products

Markdown-Pdf