Description
Joplin prior to version 2.7.1 allows remote attackers to execute system commands through malicious code in user search results.
Recommendation
Update the joplin package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.7.1
- Patched version(s): 2.7.1
References
Related Issues
- tRPC 11 WebSocket DoS Vulnerability - CVE-2025-43855
- DocsGPT Allows Remote Code Execution - CVE-2025-0868
- Remote Code Execution on click of <a> Link in markdown preview - CVE-2024-49362
- Signature Malleabillity in elliptic - CVE-2020-13822
- Tags:
- npm
- joplin
Anything's wrong? Let us know Last updated on April 23, 2024