$Remote Code Execution in MacDown 0.7.1 (870) via file:\\\ URI in HREF Attribute$

Remote Code Execution in MacDown 0.7.1 (870) via file:\\\ URI in HREF Attribute

CVE-2019-12173 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.

Learn more about our Web Application Penetration Testing UK.