cvedb.io
CVE-2023-32309
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2023-05-15T21:15:09.607 · Last modified 2026-06-17T05:58:32.443

Summary

PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax `--8<--"/etc/passwd"` or `--8<--"/proc/self/environ"` the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to render the content of a file outside the specified base paths: `--8<-- "../../../../etc/passwd"`. Within the Snippets extension, there exists a `base_path` option but the implementation is vulnerable to Directory Traversal. The vulnerable section exists in `get_snippet_path(self, path)` lines 155 to 174 in snippets.py. Any readable file on the host where the plugin is executing may have it
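The summary describes a base-path lookup that accepted absolute paths and `..` segments. As an added illustration, not pymdown-extensions' own code and not part of the NVD record, the block below shows the kind of confinement check that closes both holes: the snippet path is refused if absolute, otherwise joined to each allowed base, canonicalised with `realpath` (which also follows symlinks), and accepted only if the result still lies under that base. The function names, the temporary directory layout and the sample file are assumptions made for this example.

```python
import os
import tempfile
from typing import Iterable, Optional


def resolve_snippet_path(base_paths: Iterable[str], path: str) -> Optional[str]:
    """Return the canonical path of `path` confined to one of `base_paths`, or None.

    Hypothetical hardened lookup (not the project's own implementation).
    Rules:
      * absolute snippet paths such as "/etc/passwd" are refused outright;
      * the candidate is joined to each base and canonicalised with realpath,
        so ".." segments and symlinks are resolved before the check;
      * it is accepted only if the canonical result is still inside the base.
    """
    if os.path.isabs(path):
        return None
    for base in base_paths:
        real_base = os.path.realpath(base)
        candidate = os.path.realpath(os.path.join(real_base, path))
        try:
            # commonpath of base and candidate must be the base itself
            if os.path.commonpath([real_base, candidate]) == real_base:
                return candidate
        except ValueError:
            # paths on different drives (Windows); treat as outside the base
            continue
    return None


def demo_with_tempdir() -> dict:
    """Exercise the check against a throw-away base directory.

    All inputs here are constructed sample data: a temporary root containing a
    `snippets` base with one file. Results are returned (not printed) so they
    can be inspected or asserted on.
    """
    root = tempfile.mkdtemp()
    base = os.path.join(root, "snippets")
    os.makedirs(base)
    with open(os.path.join(base, "intro.md"), "w", encoding="utf-8") as fh:
        fh.write("# constructed sample snippet\n")
    expected = os.path.realpath(os.path.join(base, "intro.md"))

    results = {
        # a plain relative name inside the base is accepted
        "in_base": resolve_snippet_path([base], "intro.md"),
        # absolute path: refused before any filesystem work
        "absolute": resolve_snippet_path([base], "/etc/passwd"),
        # classic traversal out of the base: refused after canonicalisation
        "traversal": resolve_snippet_path([base], "../../../../etc/passwd"),
        # ".." that ends up back inside the base is fine: the check is on
        # the resolved location, not on the presence of ".." in the string
        "dotdot_then_back": resolve_snippet_path([base], "../snippets/intro.md"),
    }
    results["in_base_ok"] = results["in_base"] == expected
    results["dotdot_ok"] = results["dotdot_then_back"] == expected

    # A symlink inside the base that points outside it is also refused,
    # because realpath follows the link before the containment check.
    try:
        os.symlink(root, os.path.join(base, "escape"))
        results["symlink_escape"] = resolve_snippet_path([base], "escape/anything.md")
    except OSError:
        pass  # platform without symlink support; skip this case
    return results


if __name__ == "__main__":
    for name, value in demo_with_tempdir().items():
        print(f"{name}: {value}")
```

The check deliberately does not test whether the file exists; that belongs to the caller after confinement, so a missing file and a refused path are reported differently. On Python 3.9 and later, `pathlib.Path.is_relative_to` on the resolved paths expresses the same containment test.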

Affected products

facelessuser — pymdown_extensions


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.