hackmdio / codimd

CodiMD - Realtime collaborative markdown notes on all platforms.
https://hackmd.io/c/codimd-documentation
GNU Affero General Public License v3.0

FIX: pandoc security issue #1790

Closed galaxian85 closed 1 year ago

galaxian85 commented 1 year ago

According to pandoc's manual, some file formats can include or embed files on the file system.

Check that param exportType is valid and run pandoc with --sandbox to fix this.
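
The two measures named in this description, sketched as an added example that is not CodiMD's code or part of this pull request: the requested exportType is resolved against an allowlist, and pandoc is started with `--sandbox`. The format list, function names and paths are assumptions.

```javascript
// Added example, not CodiMD source. Format list and names are assumptions.
const { execFile } = require('node:child_process');

// Allowlist: request value -> pandoc writer and file extension.
// A Map (not a plain object) so that keys such as "constructor" or
// "__proto__" cannot match inherited properties.
const EXPORT_TYPES = new Map([
  ['docx', { writer: 'docx', ext: 'docx' }],
  ['odt', { writer: 'odt', ext: 'odt' }],
  ['rtf', { writer: 'rtf', ext: 'rtf' }],
  ['epub', { writer: 'epub', ext: 'epub' }],
]);

function resolveExportType(exportType) {
  // Query parsers can hand back arrays or objects; accept strings only.
  if (typeof exportType !== 'string') return null;
  return EXPORT_TYPES.get(exportType) || null;
}

function buildPandocArgs(exportType, inputPath, outputPath) {
  const format = resolveExportType(exportType);
  if (!format) {
    throw new Error('unsupported exportType');
  }
  return [
    '--sandbox',          // readers/writers may only read files named here
    '-f', 'markdown',
    '-t', format.writer,  // value from the allowlist, never the raw request value
    '-o', outputPath,
    inputPath,
  ];
}

function runPandoc(exportType, inputPath, outputPath, callback) {
  let args;
  try {
    args = buildPandocArgs(exportType, inputPath, outputPath);
  } catch (err) {
    return callback(err);
  }
  // execFile passes argv directly; no shell parses the arguments.
  execFile('pandoc', args, { timeout: 30000 }, callback);
}
```

Under `--sandbox`, writers such as docx need pandoc's data files embedded in the binary; the pandoc manual describes this under the `--sandbox` option.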

jackycute commented 1 year ago

Thanks @galaxian85