5.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-41710

GHSA ID

GHSA-qqhf-xfhw-7884

EPSS Score

0.05252%

CWE

CWE-552

Published

11/4/2022

Updated

2/2/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-41710

CVE-2022-41710: Markdownify has Files or Directories Accessible to External Parties

Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them.

(GitHub Advisory)

5.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-41710

GHSA ID

GHSA-qqhf-xfhw-7884

EPSS Score

0.05252%

CWE

CWE-552

Published

11/4/2022

Updated

2/2/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
electron-markdownify	npm	<= 1.4.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key issues: 1) Lack of input sanitization in markdown-to-HTML conversion allows arbitrary script execution (CWE-552 vector), and 2) Missing Electron security hardening measures (CSP + nodeIntegration settings) enables cross-platform filesystem access. While exact function names aren't visible in provided resources, Electron architecture patterns and the exploit's requirements make these components clearly vulnerable. The <img> onerror payload demonstration confirms renderer.process script execution capability, which would require both the markdown parser to allow unsafe HTML and the Electron context to permit Node.js filesystem access.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

M*rk*owni*y v*rsion *.*.* *llows *n *xt*rn*l *tt**k*r to r*mot*ly o*t*in *r*itr*ry lo**l *il*s on *ny *li*nt t**t *tt*mpts to vi*w * m*li*ious m*rk*own *il* t*rou** M*rk*owni*y. T*is is possi*l* ****us* t** *ppli**tion *o*s not **v* * *SP poli*y (or

Reasoning

T** vuln*r**ility st*ms *rom two k*y issu*s: *) L**k o* input s*nitiz*tion in m*rk*own-to-*TML *onv*rsion *llows *r*itr*ry s*ript *x**ution (*W*-*** v**tor), *n* *) Missin* *l**tron s**urity **r**nin* m**sur*s (*SP + no**Int**r*tion s*ttin*s) *n**l*s

5.5

Basic Information

Concerned about an active attack path?

CVE-2022-41710: Markdownify has Files or Directories Accessible to External Parties

5.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI