CVE-2024-7738 MEDIUM

CVE-2024-7738: yzane vscode-markdown-pdf Markdown File pathname traversal

Vendor Yzane
Product vscode-markdown-pdf
Weakness CWE-21
Published August 13, 2024
Last update August 13, 2024

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

August 13, 2024 CVE published
August 13, 2024 Record updated