Advisories for Pypi/Pymdown-Extensions package

2023

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax –8<–"/etc/passwd" or –8<–"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to render the content of a file outside the specified base …