GHSA-j39p-jf99-v5w8HighCVSS 8.8
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown...
🔗 CVE IDs covered (1)
📋 Description
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview (window.eval) and presentation mode plus HTML export (the bundled WaveDrom.ProcessAll()/eva() helpers) - and can also be triggered through a element injected via raw HTML in markdown. When a victim previews or exports a crafted markdown document, an attacker can execute arbitrary code, leading to arbitrary file write. Fixed in 0.8.28 by parsing with JSON5.parse() and sanitizing WaveDrom data scripts to inert strict JSON.
🔗 References (5)
- https://nvd.nist.gov/vuln/detail/CVE-2026-50733
- https://github.com/shd101wyy/vscode-markdown-preview-enhanced/issues/2315
- https://github.com/shd101wyy/vscode-markdown-preview-enhanced/releases/tag/0.8.28
- https://www.vulncheck.com/advisories/markdown-preview-enhanced-arbitrary-code-execution-via-wavedrom-eval
- https://github.com/advisories/GHSA-j39p-jf99-v5w8