From Markdown to RCE in Atom (via) Lukas Reschke found a remote code execution vulnerability in the Atom editor by taking advantage of a combination of Markdown’s ability to embed HTML, Atom’s Content-Security-Policy allowing JavaScript from the local filesystem to be executed, and a test suite HTML file hidden away in the Atom application package that executes code passed to it via query string.
Recent articles
- Highlights from my appearance on the Data Renegades podcast with CL Kao and Dori Wilson - 26th November 2025
- Claude Opus 4.5, and why evaluating new LLMs is increasingly difficult - 24th November 2025
- sqlite-utils 4.0a1 has several (minor) backwards incompatible changes - 24th November 2025