electron-markdownify@1.1.1 vulnerabilities

A minimalist Markdown Editor

Direct Vulnerabilities

Known vulnerabilities in the electron-markdownify package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Cross-site Scripting (XSS)

electron-markdownify is a minimalist Markdown Editor

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via file upload. An attacker can execute arbitrary scripts in the context of the application by uploading specially crafted markdown files containing embedded scripts.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for electron-markdownify.

Vulnerable versions: *
  • M
Arbitrary File Read

electron-markdownify is a minimalist Markdown Editor

Affected versions of this package are vulnerable to Arbitrary File Read: an external attacker can remotely obtain arbitrary local files from any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application has no Content Security Policy (or one that is not strict enough) and/or does not properly validate the contents of markdown files before rendering them.

How to fix Arbitrary File Read?

There is no fixed version for electron-markdownify.

Vulnerable versions: *
  • M
Cross-site Scripting (XSS)

electron-markdownify is a minimal Markdown Editor desktop app built on top of Electron.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS).

How to fix Cross-site Scripting (XSS)?

There is no fixed version for electron-markdownify.

Vulnerable versions: *