Remote Code Execution (RCE)
Joplin is vulnerable to Remote code execution RCE. The vulnerability is due to insufficient sanitization of tag attributes introduced by the Mermaid feature, allowing execution of untrusted HTML content within the Electron window...