Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zettlr 输入验证错误漏洞
Vulnerability Description
Zettlr是一款用于专业编辑Markdown文件的最全面的编辑器。 Zettlr 2.3.0版本存在安全漏洞,该漏洞源于应用程序没有CSP策略,在渲染markdown文件之前没有正确验证它们的内容。攻击者利用该漏洞可以查看受害者本地的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A