electron-markdownify@1.2.1 vulnerabilities

A minimalist Markdown Editor

Direct Vulnerabilities

Known vulnerabilities in the electron-markdownify package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Arbitrary File Read

electron-markdownify is a minimalist Markdown Editor

Affected versions of this package are vulnerable to Arbitrary File Read due to allowing an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them.

How to fix Arbitrary File Read?

There is no fixed version for electron-markdownify.

*
  • M
Cross-site Scripting (XSS)

electron-markdownify is a minimal Markdown Editor desktop app built on top of Electron.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS).

How to fix Cross-site Scripting (XSS)?

There is no fix version for electron-markdownify.

*