History: Oct 30, 2023 - 12:00 a.m.

JVN#48057522: Inkdrop vulnerable to code injection

2023-10-30 00:00:00
Japan Vulnerability Notes
jvn.jp
inkdrop
takuya matsuyama
code injection vulnerability
cwe-94
markdown editor
auto-update feature
arbitrary code execution
update
version 5.6.0
security advisory

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.9
Confidence: Low

EPSS: 0.001
Percentile: 21.1%

Inkdrop, provided by Takuya Matsuyama, is a Markdown editor. Inkdrop contains a code injection vulnerability (CWE-94).

Impact

If a specially crafted Markdown file is opened using the product, arbitrary code may be executed.

Solution

Update the Software
The developer states that Inkdrop has an auto-update feature, so affected versions of the product will be updated automatically.

Products Affected

  • Inkdrop versions prior to v5.6.0
