CVE-2022-45025

CRITICAL

Markdown Preview Enhanced - OS Command Injection

Title source: rule

Description

Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function.

Exploits (2)

nomisec WORKING POC 90 stars

by yuriisanin · poc

https://github.com/yuriisanin/CVE-2022-45025

View Code ZIP pw:eip

nomisec

by andyhsu024 · poc

https://github.com/andyhsu024/CVE-2022-45025

View on nomisec

References (1)

[Exploit, Third Party Advisory] https://github.com/shd101wyy/vscode-markdown-preview-enhanced/issues/639

Scores

CVSS v3 9.8

EPSS 0.4255

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

markdown_preview_enhanced_project/markdown_preview_enhanced 0.6.5 (2 CPE variants)

markdown_preview_enhanced_project/markdown_preview_enhanced 0.19.6 (2 CPE variants)

Published Dec 07, 2022

Tracked Since Feb 18, 2026