CNNVD-202509-672 Information

CNNVD ID

CNNVD-202509-672

Related CVE

CVE-2025-58358

• CNNVD Published: 2025-09-04

Description (Chinese)

Markdownify是Amit Merchant个人开发者的一个基于 Electron 构建的最小 Markdown Editor 桌面应用程序。 Markdownify 0.0.2之前版本存在命令注入漏洞，该漏洞源于未清理输入参数导致命令注入，可能导致远程代码执行。

Description (English)

Markdownify is the smallest Markdown Editor desktop application built on Electron by Amit Merchant personal developer. The pre-Markdownify 0.0.2 version has a command-injecting loophole, which stems from uncleaned input parameters leading to command-injection, which may lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

个人开发者

Published

2025-09-04

Last Modified

2026-02-24

References

https://github.com/zcaceres/markdownify-mcp/commit/a31204de058b22a47e1dcc24508993cfe97e5bb3 https://github.com/zcaceres/markdownify-mcp/security/advisories/GHSA-45qj-4xq3-3c45