2 matches found
demo-joplin (>=1.0.1 <=1.0.8) potentially affected by CVE-2022-35131 via joplin (=0.10.93)
joplin NPM version =0.10.93 is affected by a known vulnerability. The following packages have a transitive dependency on joplin and may be impacted: - demo-joplin =1.0.1, =1.0.8 Source cves: CVE-2022-35131 Source advisory: OSV:GHSA-WW2V-FRV5-PJ5X...
CVE-2022-35131
CVE-2022-35131 affects Joplin v2.8.8, enabling arbitrary command execution via a crafted payload injected into Node titles. The root cause is unsafe handling of user input in the UI, specifically unescaped input passed to dangerouslySetInnerHTML in GotoAnything.tsx. Several sources corroborate an...