A local file path traversal issue exists in Macdown version 0.7.1 for macOS which allows an attacker to execute arbitrary programs.
Technical observation
A crafted URI can be used in a note to perform this attack using file:/// as an argument or by traversing to any directory like (../../../../something.app)
Since it also have a feature of sharing notes, in such a case an attacker could leverage this vulnerability and send crafted notes to the victim to perform further attacks.
Summary
A local file path traversal issue exists in Macdown version 0.7.1 for macOS which allows an attacker to execute arbitrary programs.
Technical observation
A crafted URI can be used in a note to perform this attack using file:/// as an argument or by traversing to any directory like (../../../../something.app)
Since it also have a feature of sharing notes, in such a case an attacker could leverage this vulnerability and send crafted notes to the victim to perform further attacks.
Video PoC: MacDown.mov.zip
The text was updated successfully, but these errors were encountered: