Vulnerability CVE-2022-40274


Published: 2022-09-30

Description:
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.

 References:
https://fluidattacks.com/advisories/marshmello/
https://github.com/getgridea/gridea

Copyright 2026, cxsecurity.com

 

Back to Top