@joplin/renderer is vulnerable to remote code execution. The vulnerability exists in the stripHtml function of htmlUtils.ts because HTML entities are not encoded, which allows an attacker to inject and execute malicious code.
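
The weakness class described above, as an added example that is not Joplin's code: it assumes the common pattern where a tag stripper returns parser-decoded text, so entity-encoded markup reappears as literal markup unless it is re-encoded. All function names and the sample input are hypothetical and constructed for illustration.

```typescript
// Added illustration; NOT the code from htmlUtils.ts. All names are hypothetical.
const ENTITIES: Record<string, string> = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };

// Decode the five predefined named entities in one pass, as an HTML parser
// does when it hands text nodes to the caller.
function decodeEntities(text: string): string {
  return text.replace(/&(lt|gt|amp|quot|apos);/g, (m: string, name: string) => ENTITIES[name] ?? m);
}

// Encode every character that is significant in HTML as a numeric entity.
function encodeEntities(text: string): string {
  return text.replace(/[&<>"']/g, (c: string) => `&#${c.charCodeAt(0)};`);
}

// Drop tags and return the decoded text nodes (simplified stand-in for a parser).
function textNodes(html: string): string[] {
  return html.split(/<[^>]*>/).map(decodeEntities);
}

// Weak form: the decoded text is returned as-is, so "&lt;img ...&gt;" in the
// input comes out as a literal "<img ...>" once the result is placed in HTML.
function stripHtmlUnsafe(html: string): string {
  return textNodes(html).join('');
}

// Hardened form: each text node is re-encoded before it is emitted, so the
// output contains no literal markup characters.
function stripHtmlSafe(html: string): string {
  return textNodes(html).map(encodeEntities).join('');
}

// Constructed sample input: real tags plus entity-encoded markup in the text.
const SAMPLE = '<p>Note &lt;img src=x&gt; &amp; more</p>';

console.log('unsafe:', stripHtmlUnsafe(SAMPLE));
console.log('safe:  ', stripHtmlSafe(SAMPLE));
```
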
Name | Operator | Version |
---|---|---|
@joplin/renderer | le | 2.6.3 |