CVE-2023-0835: markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.29697%
CWE
Published
4/5/2023
Updated
2/13/2025
KEV Status
No
Technology
JavaScript
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| markdown-pdf | npm | <= 11.0.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper input validation when processing user-supplied Markdown. The exploit demonstrates that raw HTML/script tags in Markdown are rendered as executable code during PDF generation. This indicates the Markdown parser (Remarkable) was configured to allow HTML parsing (html: true), enabling XSS. The server-side PhantomJS environment then executes these scripts, allowing local file read. While exact code isn't visible, the advisory and exploit mechanics point directly to the Markdown-to-HTML conversion function with insecure Remarkable configuration as the root cause.