CVE-2024-7738

LOW

yzane vscode-markdown-pdf <1.5.0 - Path Traversal

Title source: llm

Description

A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

References (5)

Core 5

Core References

Third Party Advisory vdb-entry

https://vuldb.com/?id.274358

Permissions Required signature permissions-required

https://vuldb.com/?ctiid.274358

Third Party Advisory third-party-advisory

https://vuldb.com/?submit.385634

Broken Link exploit

https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/file_read_report.md

Broken Link exploit

https://github.com/abhi-ingle/Vulnerability-Research/blob/main/POC/Arbitrary%20File%20Read/poc_arbitrary_file_read.mp4

Scores

CVSS v3 3.3

EPSS 0.0021

EPSS Percentile 42.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22 CWE-21

Status published

Products (1)

yzane/markdown_pdf 1.5.0

Published Aug 13, 2024

Tracked Since Feb 18, 2026