A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Consider using either the File Handling Issues category (CWE-1219) or the class Use of Incorrectly-Resolved Name or Reference (CWE-706).
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| https://vuldb.com/?id.274358 | third party advisory vdb entry |
| https://vuldb.com/?ctiid.274358 | signature permissions required |
| https://vuldb.com/?submit.385634 | third party advisory |
| https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md | exploit broken link |
| https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4 | exploit broken link |