CVE-2023-35936

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 5, 2023
Updated: Mar 31, 2024
CWE ID 20

Summary

CVE-2023-35936 is a vulnerability in Pandoc, a Haskell library and command-line tool used for converting between different markup formats. This vulnerability exists in versions 1.13 up to 3.1.4 and allows an attacker to write or overwrite arbitrary files on the system if the system passes untrusted user input to Pandoc and uses it to generate PDF files or with the `--extract-media` option. The affected products include various versions of Pandoc (r9ng60, r9ng61, r9ng62, etc.). To remediate this vulnerability, the fix involves unescaping the percent-encoding before checking if the resource is not above the working directory. The potential danger of this vulnerability lies in the attacker's ability to create or modify files on the system, depending on the privileges of the process running Pandoc.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-35936 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options