Impact
A Remote Command Execution vulnerability was found in the rebber module,
which allowed execution of arbitrary commands. The reported problem came
from CodeBlocks, which could be escaped to insert malicious LaTeX.
Anyone using rebber
without sanitation of code content or a custom
macro is impacted by this vulnerability. Here is an example of a Markdown
content that will exploit the vulnerability:
```
\end{CodeBlock}
\immediate\write18{COMMAND > outputrce}
\input{outputrce}
\begin{CodeBlock}{text}
```
Will insert into the generated LaTeX the result of executing
COMMAND
on the system.
Patches
The vulnerability has been patched in version 5.2.1.
If impacted, you should update to this version as soon as possible.
Workarounds
It is possible to mitigate the vulnerability without upgrading by using a
custom code macro. Please make sure this custom macro escapes your
closing LaTeX sequence. For the example above, use:
const escaped = content.replace(new RegExp('\\\\end\\s*{CodeBlock}', 'g'), '')
For more information
If you have any questions or comments about this advisory, open an issue in ZMarkdown.
Impact
A Remote Command Execution vulnerability was found in the rebber module,
which allowed execution of arbitrary commands. The reported problem came
from CodeBlocks, which could be escaped to insert malicious LaTeX.
Anyone using
rebber
without sanitation of code content or a custommacro is impacted by this vulnerability. Here is an example of a Markdown
content that will exploit the vulnerability:
Will insert into the generated LaTeX the result of executing
COMMAND
on the system.Patches
The vulnerability has been patched in version 5.2.1.
If impacted, you should update to this version as soon as possible.
Workarounds
It is possible to mitigate the vulnerability without upgrading by using a
custom code macro. Please make sure this custom macro escapes your
closing LaTeX sequence. For the example above, use:
For more information
If you have any questions or comments about this advisory, open an issue in ZMarkdown.