Description
Joplin prior to version 2.7.1 allows remote attackers to execute system commands through malicious code in user search results.
Recommendation
Update the joplin package to the latest compatible version. Version details:
- Affected version(s): < 2.7.1
- Patched version(s): 2.7.1
References
Related Issues
- Joplin is vulnerable to arbitrary code execution - CVE-2022-35131
- Eta vulnerable to Code Injection via templates rendered with user-defined data - CVE-2022-25967
- Matrix-appservice-irc vulnerable to sql injection via roomIds argument - CVE-2022-3971
- @siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes - CVE-2026-31861
Tags: npm, joplin
Last updated on April 23, 2024


