PT-2023-9543 · Pandoc+2

Published: 2023-07-25 · Updated: 2025-11-04 · CVE-2023-38745

CVSS v3.1: 6.3 (Medium)
Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Pandoc versions prior to 3.1.6

Description: The issue stems from insufficient input validation in the Pandoc library, which can be exploited to create or overwrite arbitrary files on the system. It is reachable through the --extract-media option or when output is written to PDF, and the files an attacker can create or overwrite are limited only by the privileges of the process running Pandoc. The issue affects only systems that pass untrusted user input to Pandoc and either produce a PDF from it or use the --extract-media option.

Recommendations: For versions prior to 3.1.6, update to version 3.1.6 or later to resolve the issue. As a temporary workaround, restrict the use of the --extract-media option and avoid PDF output until the update is applied. Additionally, limit the untrusted user input that reaches Pandoc to minimize the risk of exploitation.
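A pre-flight guard that enforces the workaround above before Pandoc is invoked on untrusted input, written as an added example and not Pandoc's own code. It assumes the version string is taken from `pandoc --version` output, and the argument heuristics for spotting --extract-media and PDF output (an output name ending in .pdf, or -t/--to/-w/--write pdf) are the example's own assumptions:

```python
import re
from typing import List, Sequence, Tuple

FIXED_VERSION = (3, 1, 6)  # first release the advisory lists as fixed


def parse_pandoc_version(version_output: str) -> Tuple[int, ...]:
    """Pull the version tuple out of the first line of `pandoc --version`."""
    m = re.search(r"pandoc(?:\.exe)?\s+(\d+(?:\.\d+)+)", version_output)
    if not m:
        raise ValueError("no pandoc version string found")
    return tuple(int(p) for p in m.group(1).split("."))


def risky_options(args: Sequence[str]) -> List[str]:
    """Return which of the advisory's two risk conditions the argument list triggers.

    Heuristics (assumption): --extract-media in either spelling, and PDF output
    selected by an output name ending in .pdf or by -t/--to/-w/--write pdf.
    """
    found = set()
    for i, a in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else ""
        if a == "--extract-media" or a.startswith("--extract-media="):
            found.add("extract-media")
        if (a in ("-o", "--output") and nxt.lower().endswith(".pdf")) or \
           (a.startswith("--output=") and a.lower().endswith(".pdf")):
            found.add("pdf-output")
        if (a in ("-t", "--to", "-w", "--write") and nxt.lower() == "pdf") or \
           (a.startswith(("--to=", "--write=")) and a.split("=", 1)[1].lower() == "pdf"):
            found.add("pdf-output")
    return sorted(found)


def check_invocation(args: Sequence[str], version: Tuple[int, ...],
                     untrusted_input: bool = True) -> Tuple[bool, str]:
    """Allow the call unless untrusted input meets a vulnerable pandoc and a risky option."""
    if not untrusted_input or version >= FIXED_VERSION:
        return True, "ok"
    risky = risky_options(args)
    if risky:
        return False, "pandoc %s predates 3.1.6 (CVE-2023-38745); refusing: %s" % (
            ".".join(map(str, version)), ", ".join(risky))
    return True, "ok"
```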

Fix · RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2025-8475
BDU:2024-08375
CVE-2023-38745
DLA-3507-1
OPENSUSE-SU-2024:13246-1

Affected Products

Alt Linux
Pandoc
Red Os