Description
Joplin prior to version 2.7.1 allows remote attackers to execute system commands through malicious code in user search results.
Recommendation
Update the joplin package to the latest compatible version. The version details are as follows:
- Affected version(s): < 2.7.1
- Patched version(s): 2.7.1
Related Issues
- Eta vulnerable to Code Injection via templates rendered with user-defined data - CVE-2022-25967
- Joplin is vulnerable to arbitrary code execution - CVE-2022-35131
- Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type - CVE-2022-35948
- Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers - CVE-2022-41878
Tags
- npm
- joplin
Last updated on April 23, 2024