Releases: zestedesavoir/zmarkdown

29 Mar 08:39
  • Security (RCE): forbid any \end{CodeBlock} command from inside CodeBlocks themselves (included in ZMarkdown 10.1.3)
  • Important: Align table headers left instead of centered

29 Mar 08:38

Security fixes

  • Security (RCE): filter the authorized math commands to a given list
  • Security (RCE): escape the content of abbreviations

Miscellaneous

  • Important: Align table headers left instead of centered
  • Important: Restore a nice formatting for footnotes
  • Minor: Restore a correct behavior for footnotes, but remove linking
  • Minor: Fix tables column width so that tables take the whole page

30 Aug 10:09

This release fixes three security vulnerabilities. Please update as soon as possible.

Critical RCE in rebber that affected zmarkdown

A Remote Command Execution vulnerability was found in the rebber module,
which allowed execution of arbitrary commands. The reported problem came
from CodeBlocks, whose environment could be closed early to insert
malicious LaTeX.

The mitigation forbids any \end{CodeBlock} command from inside code blocks
themselves. The impact of this vulnerability is critical, as it allows
Remote Code Execution.

Minor LFI in remark-download-images that affected zmarkdown

A minor Local File Inclusion vulnerability has been found in
remark-download-images, which allowed images with a known path on the
host machine to be included inside a LaTeX document.

To prevent it, a new option has been created that replaces invalid paths
with a default image instead of linking the image on the host directly.
This option is now enabled inside zmarkdown. The impact of this
vulnerability is minor, as it is restricted to images and one needs to
know the path of the image to exploit it.

Major blind SSRF in remark-download-images that affected zmarkdown

A major blind SSRF has been found in remark-images-download, which allowed
requests to be made to neighboring servers on local IP ranges.
The issue came from loose filtering of URLs inside the module.

It has been corrected by preventing image downloads from local IP ranges,
both in IPv4 and IPv6. To defeat malicious domain names, hostnames that
resolve to local IPs are also forbidden inside the module.
The impact of this vulnerability is major, as it can allow access to
unexposed documents on the local network, and it is very easy to exploit.

30 Aug 10:14

This release fixes a security breach. Please update as soon as possible.

  • [MINOR] Add an option defaultOn.invalidPath that replaces the image with a default one when its path is found invalid
  • [BUGFIX] Fix a major SSRF vulnerability

Major blind SSRF in remark-download-images

A major blind SSRF has been found in remark-images-download, which allowed
requests to be made to neighboring servers on local IP ranges.
The issue came from loose filtering of URLs inside the module.

It has been corrected by preventing image downloads from local IP ranges,
both in IPv4 and IPv6. To defeat malicious domain names, hostnames that
resolve to local IPs are also forbidden inside the module.
The impact of this vulnerability is major, as it can allow access to
unexposed documents on the local network, and it is very easy to exploit.

30 Aug 10:12

This release fixes a security vulnerability. Please update as soon as possible.

A Remote Command Execution vulnerability was found in the rebber module,
which allowed execution of arbitrary commands. The reported problem came
from CodeBlocks, whose environment could be closed early to insert
malicious LaTeX.

The mitigation forbids any \end{CodeBlock} command from inside code blocks
themselves. The impact of this vulnerability is critical, as it allows
potential Remote Code Execution.
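The CodeBlock escape described in this entry and in the zmarkdown entry above, as an added example that is not rebber's own code. It puts a naive LaTeX emitter that trusts code content verbatim next to a hardened one that refuses any content able to close the `CodeBlock` environment early; the environment name is taken from the release notes, while the helper names, the language allow-list and the whitespace tolerance in the pattern are assumptions.

```javascript
// Added example, not rebber's own code: emit a LaTeX CodeBlock environment
// without letting the code content close that environment early.
const ENV = 'CodeBlock';

// \end{CodeBlock}, tolerating the whitespace TeX accepts after the control
// word; whitespace inside the braces is rejected as well, since the cost of
// a false positive is only a refused block.
const END_PATTERN = new RegExp(String.raw`\\end\s*\{\s*${ENV}\s*\}`);
const END_PATTERN_GLOBAL = new RegExp(END_PATTERN.source, 'g');

// Language names come from the fence's info string; keep them to a
// conservative character set so they cannot carry LaTeX either.
const LANGUAGE_PATTERN = /^[A-Za-z0-9_+#.-]*$/;

function containsEnvironmentEscape(code) {
  return END_PATTERN.test(code);
}

// Vulnerable shape: the content is trusted verbatim, so an \end{CodeBlock}
// inside the code closes the environment and what follows is live LaTeX.
function emitCodeBlockUnsafe(code, language) {
  return `\\begin{${ENV}}{${language}}\n${code}\n\\end{${ENV}}\n`;
}

// Hardened shape: refuse anything that could close the environment.
function emitCodeBlock(code, language) {
  if (!LANGUAGE_PATTERN.test(language)) {
    throw new Error(`unsupported language identifier: ${JSON.stringify(language)}`);
  }
  if (containsEnvironmentEscape(code)) {
    throw new Error(`code block content may not contain \\end{${ENV}}`);
  }
  return emitCodeBlockUnsafe(code, language);
}

// Number of environment closers in generated LaTeX; one block must yield exactly one.
function countEnvironmentEnds(latex) {
  return (latex.match(END_PATTERN_GLOBAL) || []).length;
}

// Constructed inputs: ordinary code, and code that tries to close the environment.
const BENIGN_CODE = 'print("hello")';
const ESCAPING_CODE = 'print("x")\n\\end {CodeBlock}\n% from here on the document is parsed as LaTeX, not code';

function demo() {
  const unsafe = emitCodeBlockUnsafe(ESCAPING_CODE, 'python');
  console.log(`naive emitter produced ${countEnvironmentEnds(unsafe)} environment closers`);
  try {
    emitCodeBlock(ESCAPING_CODE, 'python');
  } catch (e) {
    console.log(`hardened emitter: ${e.message}`);
  }
  console.log(emitCodeBlock(BENIGN_CODE, 'python'));
}
demo();
```

Refusing the block is chosen over rewriting the content because the environment is verbatim-like: backslash escaping does not apply inside it, so the only reliable way to keep `\end{CodeBlock}` out of the output is to keep it out of the input.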

30 Aug 10:11

Contains fixes from the update of rebber

22 Jun 13:55
  • Downgrade KaTeX to version 0.11.1 because the new version was causing problems.

09 Mar 19:10

[BUGFIX] [ #432 ] Fix footnotes random postfix: every postfix generated was unique, causing a mismatch between definition and reference

09 Mar 19:10

[BUGFIX] [ #432 ] Fix footnotes random postfix: every postfix generated was unique, causing a mismatch between definition and reference

06 Mar 18:04

Backport of #431 to ZMarkdown v9.1.4: fix footnotes random postfix