Description
Joplin prior to version 2.7.1 allows remote attackers to execute system commands through malicious code in user search results.
Recommendation
Update the joplin package to the latest compatible version. Version details:
- Affected version(s): < 2.7.1
- Patched version(s): 2.7.1
References
Related Issues
- Eta vulnerable to Code Injection via templates rendered with user-defined data - CVE-2022-25967
- Joplin is vulnerable to arbitrary code execution - CVE-2022-35131
- cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch - CVE-2022-36084
- undici before v5.8.0 vulnerable to CRLF injection in request headers - CVE-2022-31150
Tags
- npm
- joplin
Last updated on April 23, 2024