CVE-2018-3770

CVE-2018-3770

Vendor Hackerone

Product markdown-pdf

Weakness CWE-22 · Path traversal

Published July 20, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.

Key dates

02Disclosure timeline

July 20, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-3770 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/22.html

Related vulnerabilities

04Related CVE

CVE-2025-46704 Advantech iView Path Traversal CVE-2026-45230 DumbAssets 1.0.11 Path Traversal File Deletion via /api/delete-file CVE-2019-25610 NetNumber Titan Master 7.9.1 Path Traversal via drp CVE-2024-32830 WordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerability CVE-2025-3065 Database Toolset <= 1.8.4 - Unauthenticated Arbitrary File Deletion