MkDocs Include Markdown Plugin Improper Input Validation Vulnerability Allowing Placeholder Collisions
Vulnerability
A vulnerability exists in the MkDocs Include Markdown Plugin in versions prior to 7.1.8. Input is not validated before substitution placeholders are applied, so input content can collide with placeholder content and cause unexpected behavior. The weakness is a case of improper input validation.
Impact
The vulnerability could cause low-impact issues by allowing input to collide with substitution placeholders, which may disrupt the intended functionality of the Markdown processing.
Reproduction
To reproduce this vulnerability, create a Markdown file that includes a substitution placeholder. Then, add input that contains characters matching the placeholder's escape sequences. The unescaped placeholder characters can interfere with the Markdown processing, demonstrating the collision issue.
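The collision class described above, as an added illustration that is not the plugin's code: the placeholder string `__ESCAPED_DQ__` and both parser functions are hypothetical. It contrasts a fixed placeholder with one checked against the input before use.

```python
import re

# Hypothetical fixed placeholder standing in for an escaped double quote.
PLACEHOLDER = "__ESCAPED_DQ__"
QUOTED = re.compile(r'"([^"]*)"')


def naive_parse(arg):
    """Mask escaped quotes with a fixed placeholder, match, then restore."""
    masked = arg.replace('\\"', PLACEHOLDER)
    match = QUOTED.search(masked)
    if match is None:
        return None
    # Collision: a placeholder typed by the author is also turned into a quote.
    return match.group(1).replace(PLACEHOLDER, '"')


def fresh_placeholder(text):
    """Return a token that is guaranteed not to occur in text."""
    n = 0
    while f"\x00{n}\x00" in text:
        n += 1
    return f"\x00{n}\x00"


def safe_parse(arg):
    """Same parsing, but the placeholder is validated against the input."""
    token = fresh_placeholder(arg)
    masked = arg.replace('\\"', token)
    match = QUOTED.search(masked)
    if match is None:
        return None
    return match.group(1).replace(token, '"')


if __name__ == "__main__":
    # Constructed sample arguments, as they might appear in a directive.
    for sample in ('"say \\"hi\\""', '"literal __ESCAPED_DQ__ text"'):
        print(repr(naive_parse(sample)), repr(safe_parse(sample)))
```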
Remediation
Users can update to MkDocs Include Markdown Plugin version 7.1.8 or later, where this vulnerability has been fixed.
