com.github.rjeschke.txtmark.cmd.HlUtils.highlight is designed to highlight code blocks. However, passing an unchecked argument to this API can lead to the execution of arbitrary commands. For instance, first, we create an instance of CodeBlockEmitter and set the program parameter of CodeBlockEmitter to "calc.exe":
Second, we set CodeBlockEmitter to the instance that we just created. Finally, the malicious program "calc.exe" would be executed.
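
One way to close this off on the caller's side is to vet the program value before it is ever handed to a CodeBlockEmitter. The following is an added example, not code from txtmark or from the original report; the class HighlighterProgramPolicy, its vet method and the sample path /usr/bin/pygmentize are hypothetical names chosen for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical helper: vets the highlighter program before it reaches a code block emitter. */
public final class HighlighterProgramPolicy {
    // Assumption: the deployment knows the exact highlighter binaries it trusts.
    private final Set<Path> allowed;

    public HighlighterProgramPolicy(String... trustedAbsolutePaths) {
        Set<Path> s = new HashSet<>();
        for (String p : trustedAbsolutePaths) {
            s.add(Paths.get(p).normalize());
        }
        this.allowed = Collections.unmodifiableSet(s);
    }

    /** Returns the vetted path, or throws if the value is not an allow-listed absolute path. */
    public Path vet(String program) {
        if (program == null || program.trim().isEmpty()) {
            throw new IllegalArgumentException("highlighter program is empty");
        }
        // Lexical normalization only; resolve symlinks with toRealPath() where the file must exist.
        Path p = Paths.get(program).normalize();
        // Bare names such as "calc.exe" are resolved via PATH or the working directory: refuse them.
        if (!p.isAbsolute() || !allowed.contains(p)) {
            throw new IllegalArgumentException("highlighter program not allow-listed: " + program);
        }
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample values (Unix-style paths); none come from the original report
        // except the "calc.exe" string it uses as its demonstration.
        HighlighterProgramPolicy policy = new HighlighterProgramPolicy("/usr/bin/pygmentize");
        for (String candidate : Arrays.asList("/usr/bin/pygmentize",
                "/usr/bin/../bin/pygmentize", "calc.exe", "/tmp/pygmentize", "")) {
            try {
                System.out.println("accepted: " + policy.vet(candidate));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the vetted Path should be converted back to a string and used as the program value; any value that comes from document content or user input should be rejected before that point.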