Description
Joplin prior to version 2.7.1 allows remote attackers to execute system commands through malicious code in user search results.
Recommendation
Update the joplin package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.7.1
- Patched version(s): 2.7.1
References
Related Issues
- Eta vulnerable to Code Injection via templates rendered with user-defined data - CVE-2022-25967
- Joplin is vulnerable to arbitrary code execution - CVE-2022-35131
- @siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes - CVE-2026-31861
- Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin - @strapi/plugin-email - CVE-2023-22621
You might also like:
- Tags:
- npm
- joplin
Anything's wrong? Let us know Last updated on April 23, 2024


