Code Execution in Macdown #1076

Closed
RootUp opened this issue May 16, 2019 · 1 comment

Comments


RootUp commented May 16, 2019

Summary

A local file path traversal issue exists in MacDown version 0.7.1 for macOS which allows an attacker to execute arbitrary programs.

Technical observation

A crafted URI can be used in a note to perform this attack using file:/// as an argument or by traversing to any directory like (../../../../something.app).

Since it also has a feature of sharing notes, in such a case an attacker could leverage this vulnerability and send crafted notes to the victim to perform further attacks.

Video PoC: MacDown.mov.zip

@FranklinYu
Member

Duplicate of #1050

@FranklinYu FranklinYu marked this as a duplicate of #1050 May 16, 2019
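
The two link forms named in the report (a `file:///` target and a `../` traversal to an `.app`) can be caught with a scheme allowlist before a link is handed to the system opener. This is an added example, not code from the report or from MacDown; `ALLOWED_SCHEMES`, `classify_target`, `scan_note` and the sample note are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed policy: only these schemes may be handed to the system URL opener.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

LINK_PATTERNS = [
    re.compile(r"(?<!!)\[[^\]]*\]\(\s*<?([^)\s>]+)"),           # [text](target "title")
    re.compile(r"^[ ]{0,3}\[[^\]]+\]:[ \t]*<?([^\s>]+)", re.M),  # [id]: target
    re.compile(r"<([A-Za-z][A-Za-z0-9+.-]*:[^>\s]+)>"),          # <scheme:target>
]

def classify_target(target):
    """Return (allowed, reason) for a single link target."""
    if target.startswith("#"):
        return True, "in-document anchor"
    try:
        scheme = urlsplit(target).scheme.lower()
    except ValueError:
        return False, "unparseable URL"
    if scheme in ALLOWED_SCHEMES:
        return True, "allowed scheme"
    if scheme:
        return False, "scheme '%s' not allowed" % scheme
    # No scheme: a relative target; for a note opened from disk it names a local path.
    if ".." in target.replace("\\", "/").split("/"):
        return False, "relative path with traversal"
    return False, "relative path resolves to a local file"

def scan_note(markdown):
    """Return sorted (line, target, reason) tuples for links that fail the policy."""
    findings = []
    for pattern in LINK_PATTERNS:
        for m in pattern.finditer(markdown):
            allowed, reason = classify_target(m.group(1))
            if not allowed:
                line = markdown.count("\n", 0, m.start(1)) + 1
                findings.append((line, m.group(1), reason))
    return sorted(findings)

# Constructed sample note, not taken from the report's PoC.
SAMPLE_NOTE = """\
# Meeting notes
See the [project site](https://example.com/docs "Docs").
Open the [attachment](file:///tmp/something.app).
Also [this one](../../../../something.app).
Jump to [summary](#summary) or mail <mailto:team@example.com>.

[ref]: FILE:///tmp/other.app
"""

if __name__ == "__main__":
    for line, target, reason in scan_note(SAMPLE_NOTE):
        print("line %d: %s -> %s" % (line, target, reason))
```

Because the check is an allowlist, any target that does not parse to an allowed scheme is refused by default rather than matched against a list of known-bad forms.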