CVE-2021-29996

Name of the Vulnerable Software and Affected Versions Mark Text versions 0.16.3 and earlier

Description The issue allows attackers to execute arbitrary commands, potentially leading to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.

Recommendations For Mark Text versions 0.16.3 and earlier, consider avoiding the use of .md files from untrusted sources until a patch is available. As a temporary workaround, restrict the opening of .md files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.