Not required (Authentication is not required to exploit the vulnerability. Very little knowledge or skill is required to exploit. CVE-2019-12138 MacDown 0.7.1 allows directory traversal, for execution of arbitrary programs, via a file:/// or. app pathname, in the HREF attribute of an A element.
#Macdown 0.7.2d137 code#
Low (Specialized access conditions or extenuating circumstances do not exist. MacDown 0.7.1 (870) allows remote code execution via a file: URI, with a. Partial (There is reduced performance or interruptions in resource availability.) Download, unzip, and drag the app to Applications folder. Visit the project site for more information, or download directly from the latest releases page. The author stole the idea from Chen Luo’s Mou so that people can make crappy clones. MacDown can be compatible to GFM, except for some minor structural differences in the resulting.
Highlights include: highly customisable Markdown rendering, syntax highlighting in fenced code blocks and sophisticated auto-completion.
Check out the Features page to find out what extensions MacDown provides. MacDown is heavily influenced by Mou, and I try to mimic much of its behaviour as much as possible both in UI and the logic underneath, only making changes when I feel that improvement is necessary. Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.) MacDown is an open source Markdown editor for OS X, released under the MIT License. MacDown provides lots of switches to let you choose what non-standard syntax (es) you want to use, and you can get almost all features in GFM if you configure them correctly. Partial (There is considerable informational disclosure.)
0 kommentar(er)
