CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
21.1%
Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability (CWE-94).
If a specially crafted markdown file is opened using the product, arbitrary code may be executed.
Update the Software
The developer states that Inkdrop has an auto-update feature, therefore affected versions of the product will be automatically updated.