5 matches found
CVE-2022-23340
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results...
demo-joplin (>=1.0.1 <=1.0.8) potentially affected by CVE-2022-23340 via joplin (=0.10.93)
joplin NPM version =0.10.93 is affected by a known vulnerability. The following packages have a transitive dependency on joplin and may be impacted: - demo-joplin =1.0.1, =1.0.8 Source cves: CVE-2022-23340 Source advisory: OSV:GHSA-8478-53PV-JXVM...
CVE-2022-23340
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results...
CVE-2022-23340
Joplin 2.6.10 is affected by a remote code execution vulnerability where malicious code in user search results can execute system commands. Root cause cited across multiple sources is code injection in the HTML rendering/processing path (stripHtml/html entity handling) enabling command execution....
CVE-2022-23340
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results...