CVE-2021-29475: 
NixOS vulnerability analysis and mitigation

HedgeDoc (formerly known as CodiMD), an open-source collaborative markdown editor, was found to contain a critical vulnerability (CVE-2021-29475) that was disclosed on April 26, 2021. The vulnerability allows attackers with note modification capabilities to extract arbitrary files from the system when using the PDF export feature. This affects all instances with PDF export enabled prior to version 1.5.0 (GitHub Advisory, NVD).

The vulnerability stems from improper handling of file:/// references in PhantomJS during PDF export operations. While PhantomJS doesn't render these references in the PDF output, it processes them internally, allowing for data exfiltration through JavaScript rendering. The vulnerability has been assigned a CVSS v3.1 base score of 10.0 (Critical), with attack vector: Network, attack complexity: Low, privileges required: None, user interaction: None, scope: Changed, and high impacts on both confidentiality and integrity (NVD).

The vulnerability enables attackers to read sensitive files from the filesystem, including the HedgeDoc config.json file which often contains critical information such as database credentials and OAuth secrets. Even in Docker deployments, while the accessible files might be limited, the exposure of configuration files poses significant security risks (GitHub Advisory).

The vulnerability was patched in HedgeDoc version 1.5.0. For users unable to upgrade, a workaround is available by disabling the PDF export feature. This can be done by either starting the HedgeDoc instance with CMDALLOWPDF_EXPORT=false or setting "allowPDFExport": false in config.json (GitHub Commit).