Name of the Vulnerable Software and Affected Versions: rebber versions prior to 5.2.1

Description: A Remote Command Execution issue was found in the rebber module, allowing the execution of arbitrary commands. This issue can be exploited by inserting malicious LaTeX code, potentially affecting anyone using rebber without proper code content sanitation or a custom macro. For example, a Markdown content can exploit this issue by inserting the result of executing a COMMAND on the system into the generated LaTeX.

Recommendations: For versions prior to 5.2.1, update to version 5.2.1 as soon as possible to patch the vulnerability. As a temporary workaround, consider using a custom code macro that escapes the closing LaTeX sequence, such as replacing end{CodeBlock} with an empty string using a regular expression: const escaped = content.replace(new RegExp('ends*{CodeBlock}','g'), '').