4 matches found
@akshajrawat/plugin-repo-cli (=1.0.0), @joplin/plugin-repo-cli (>=2.2.3 <=3.6.3) +5 more potentially affected by CVE-2025-57798 via @joplin/lib (>=2.10.2 <=3.6.3)
@joplin/lib NPM version =2.10.2, =2.2.3, =2.2.3, =1.6.3, =2.0.0, =0.5.2, =0.17.1 - pi-joplin =1.0.0 Source cves: CVE-2025-57798 Source advisory: SNYK:JS-JOPLINLIB-16771369...
Allocation of Resources Without Limits or Throttling
Overview: @joplin/lib is a joplin core library. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the title input. An attacker can cause the application to consume excessive memory and terminate unexpectedly by submitting an extremely long...
Arbitrary Code Injection
Overview: @joplin/lib is a joplin core library. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the improper handling of URI schemes in the openExternal function. Note: This is exploitable only for Windows environments. Remediation: Upgrade @joplin/lib to version...
joplin (>=2.10.1 <=2.13.2) potentially affected by CVE-2024-53268 via @joplin/lib (>=2.10.2 <=2.13.4)
@joplin/lib NPM version =2.10.2, =2.10.1, =2.13.2 Source cves: CVE-2024-53268 Source advisory: SNYK:JS-JOPLINLIB-15048153...