9 matches found
EUVD-2024-3261
Malicious code in bioql PyPI...
CVE-2024-49362
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...
Remote Code Execution (RCE)
Joplin is vulnerable to Remote code execution RCE. The vulnerability is due to insufficient sanitization of tag attributes introduced by the Mermaid feature, allowing execution of untrusted HTML content within the Electron window...
CVE-2024-49362
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...
GHSA-HFF8-HJWV-J9Q7 Remote Code Execution on click of <a> Link in markdown preview
Summary There is a vulnerability in Joplin-desktop that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML...
Remote Code Execution on click of <a> Link in markdown preview
Summary There is a vulnerability in Joplin-desktop that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML...
CVE-2024-49362 Remote Code Execution on click of <a> Link in markdown preview
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...
CVE-2024-49362 Remote Code Execution on click of <a> Link in markdown preview
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...
CVE-2024-49362 Remote Code Execution on click of <a> Link in markdown preview
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...