CVE-2022-40274

Published September 30th, 2022

View on NVD ↗

CVSS v3

7.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.

getgridea/gridea

✍️ A static blog writing client (一个静态博客写作客户端)

GitHub

10.3K