electron-markdownify@1.1.4 vulnerabilities

A minimalist Markdown Editor

Direct Vulnerabilities

Known vulnerabilities in the electron-markdownify package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Arbitrary File Read (severity: M)

electron-markdownify is a minimalist Markdown Editor

Affected versions of this package are vulnerable to Arbitrary File Read: an external attacker can remotely obtain arbitrary local files from any client that views a malicious markdown file through Markdownify. This is possible because the application does not have a Content Security Policy (CSP), or at least not a strict enough one, and/or does not properly validate the contents of markdown files before rendering them.

How to fix Arbitrary File Read?

There is no fixed version for electron-markdownify.

Vulnerable versions: *
  • Cross-site Scripting (XSS) (severity: M)

electron-markdownify is a minimal Markdown Editor desktop app built on top of Electron.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS).

How to fix Cross-site Scripting (XSS)?

There is no fixed version for electron-markdownify.

Vulnerable versions: *