Description
Joplin prior to version 2.7.1 allows remote attackers to execute system commands through malicious code in user search results.
Recommendation
Update the joplin package to the latest compatible version. Version details:
- Affected version(s): < 2.7.1
- Patched version(s): 2.7.1
References
Related Issues
- Expo SDK has an OAuth vulnerability - CVE-2023-28131
- tRPC 11 WebSocket DoS Vulnerability - CVE-2025-43855
- @rpldy/uploader prototype pollution - CVE-2024-57082
- Remote Code Execution on click of <a> Link in markdown preview - CVE-2024-49362
Tags: npm, joplin
Last updated on April 23, 2024