5.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-3770

GHSA ID

GHSA-p7c9-jqhq-vr3v

EPSS Score

0.50281%

CWE

CWE-22

Published

7/27/2018

Updated

3/1/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-3770

CVE-2018-3770:
Remote Code Execution in markdown-pdf

Versions of markdown-pdf prior to 9.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize HTML code in markdown files. If markdown files with malicious HTML are converted to PDF, the resulting PDF file will execute any JavaScript code in the original markdown file. This may allow attackers to execute Remote Code.

Recommendation

Upgrade to version 9.0.0 or later.

(GitHub Advisory)

5.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-3770

GHSA ID

GHSA-p7c9-jqhq-vr3v

EPSS Score

0.50281%

CWE

CWE-22

Published

7/27/2018

Updated

3/1/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
markdown-pdf	npm	< 9.0.0	9.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from markdown-pdf enabling HTML rendering in its Remarkable parser by default. The key change in the patch removes the 'html: true' default in the options object passed to Remarkable. The markdownpdf function in index.js is directly responsible for this insecure configuration. During exploitation, this function would appear in the profiler as it sets up the processing pipeline with vulnerable defaults. While the actual HTML rendering occurs in Remarkable's code, the root cause is markdownpdf's configuration, which is explicitly modified in the patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

V*rsions o* `m*rk*own-p**` prior to *.*.* *r* vuln*r**l* to R*mot* *o** *x**ution. T** p**k*** **ils to s*nitiz* *TML *o** in m*rk*own *il*s. I* m*rk*own *il*s wit* m*li*ious *TML *r* *onv*rt** to P**, t** r*sultin* P** *il* will *x**ut* *ny J*v*S*ri

Reasoning

T** vuln*r**ility st*ms *rom m*rk*own-p** *n**lin* *TML r*n**rin* in its R*m*rk**l* p*rs*r *y ****ult. T** k*y ***n** in t** p*t** r*mov*s t** '*tml: tru*' ****ult in t** options o*j**t p*ss** to R*m*rk**l*. T** `m*rk*ownp**` *un*tion in `in**x.js` i

5.5

Basic Information

Concerned about an active attack path?

CVE-2018-3770: Remote Code Execution in markdown-pdf

Recommendation

5.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-3770:
Remote Code Execution in markdown-pdf

Vulnerability Intelligence
Miggo AI