zestedesavoir / zmarkdown

Live demo: https://zestedesavoir.github.io/zmarkdown/
MIT License

[rebber] Fix two security flaws #493

Closed StaloneLab closed 1 year ago

StaloneLab commented 1 year ago
  1. An RCE was found in images: when an image path contained a }, the LaTeX image command could be bypassed to allow malicious code injection.
  2. An RCE was found in code blocks: a previous protection measure was insufficient, thus allowing code blocks to be escaped in LaTeX.
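The two breakouts described in the PR, as an added example that is not rebber's code and not part of the original PR: a naive Markdown-to-LaTeX emitter beside a hardened one. The environment names `CodeBlock` (verbatim-style) and `CodeText` (typesets an escaped body), the `renderImage*`/`renderCode*` helpers, the path allowlist and the constructed inputs are assumptions for illustration; a harmless `\textbf{injected}` stands in for whatever an attacker would run once outside the argument or environment.

```javascript
// Added example, not rebber's code. Shows the two LaTeX injection classes
// the PR describes (a '}' in an image path, and a code-block body that can
// close its verbatim environment) with a naive emitter beside a hardened one.
'use strict';

const VERB_ENV = 'CodeBlock'; // assumed verbatim-style environment: body is raw LaTeX source
const TEXT_ENV = 'CodeText';  // assumed non-verbatim environment: body is ordinary escaped text

// --- Flaw 1: image path interpolated straight into a macro argument ----------
// A '}' in the path closes \includegraphics{...} early and whatever follows is
// parsed as LaTeX; a '%' would instead comment out the rest of the line.
function renderImageNaive(path) {
  return `\\includegraphics{${path}}`;
}

// Hardened: a filename is not ordinary text (graphicx would not read "\}" as a
// literal brace), so escaping is the wrong tool; allowlist the path instead.
// Directory traversal ("..") is a separate concern not covered here.
const SAFE_PATH = /^[A-Za-z0-9_\-.\/]+$/;

function renderImageHardened(path) {
  if (!SAFE_PATH.test(path)) {
    throw new Error(`refusing unsafe image path: ${JSON.stringify(path)}`);
  }
  return `\\includegraphics{${path}}`;
}

// --- Flaw 2: code-block body dropped into a verbatim environment -------------
// A verbatim body cannot be escaped: LaTeX reads it until it sees the literal
// terminator, so a body containing "\end{CodeBlock}" ends the environment and
// the remainder of the body is executed as LaTeX.
function renderCodeNaive(code) {
  return `\\begin{${VERB_ENV}}\n${code}\n\\end{${VERB_ENV}}`;
}

// Escape every character LaTeX treats specially, in a single pass so the
// replacement text (which itself contains braces) is never re-escaped.
const LATEX_SPECIAL = {
  '\\': '\\textbackslash{}',
  '{': '\\{',
  '}': '\\}',
  '$': '\\$',
  '&': '\\&',
  '#': '\\#',
  '_': '\\_',
  '%': '\\%',
  '^': '\\textasciicircum{}',
  '~': '\\textasciitilde{}',
};

function escapeLatex(s) {
  return s.replace(/[\\{}$&#_%^~]/g, (c) => LATEX_SPECIAL[c]);
}

// Hardened: escape each line and typeset it as text (spaces become '~' so
// indentation survives). Nothing in the body reaches LaTeX as a control
// sequence, so no terminator check is needed at all.
function renderCodeHardened(code) {
  const body = code
    .split('\n')
    .map((line) => `\\texttt{${escapeLatex(line).replace(/ /g, '~')}}`)
    .join('\\\\\n');
  return `\\begin{${TEXT_ENV}}\n${body}\n\\end{${TEXT_ENV}}`;
}

// Constructed attacker inputs (not taken from the PR). The benign
// \textbf{injected} marks where arbitrary LaTeX would run.
const ATTACK_PATH = 'cat.png}\\textbf{injected}\\includegraphics{';
const ATTACK_CODE = `x = 1\n\\end{${VERB_ENV}}\n\\textbf{injected}\n\\begin{${VERB_ENV}}`;

// Number of literal occurrences of `needle` in `haystack`; used to check how
// many times an environment is opened/closed in the emitted LaTeX.
function countLiteral(haystack, needle) {
  return haystack.split(needle).length - 1;
}
```

Two design points follow from the example. For the image path, escaping is not an option because `\includegraphics` takes a filename rather than text, so the only safe move is to refuse anything outside a strict allowlist. For the code block, escaping is the whole fix: a verbatim environment is terminated by string matching inside the LaTeX engine, so any check done in JavaScript has to be at least as liberal as the engine's scanner, whereas an escaped body in a non-verbatim environment removes the problem rather than guarding it.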