JVN#29949691: Inkdrop vulnerable to OS command injection

2021-06-22T00:00:00
ID JVN:29949691
Type jvn
Reporter Japan Vulnerability Notes
Modified 2021-06-22T00:00:00

## Description

Inkdrop, provided by Takuya Matsuyama, is a Markdown editor. Inkdrop contains an OS command injection vulnerability (CWE-78).

## Impact

If a file or code snippet containing an invalid iframe is loaded into Inkdrop, an arbitrary OS command may be executed on the system where it runs.

## Solution

Update the Software

According to the developers, Inkdrop has an auto-update feature, so affected versions of the product will be updated automatically.

## Products Affected

  • Inkdrop versions prior to v5.3.1