CVE-2024-49362
CVSS 3.1 Score 7.7 of 10 (high)
Details
Published Nov 14, 2024
Updated: Nov 15, 2024
CWE ID 94 (Improper Control of Generation of Code, "Code Injection")
Summary
CVE-2024-49362 affects the open-source Joplin note-taking application. The Joplin desktop application is vulnerable to remote code execution (RCE): the flaw is triggered when a user clicks a malicious <a> link inside an untrusted note. The root cause is insufficient sanitization of <a> tag attributes, a gap introduced by the Mermaid processor. Maliciously crafted HTML content is therefore executed inside the Electron window, where it has access to Node.js APIs and can run arbitrary shell commands. Because the trigger is a click on a link in a note, any note from an untrusted source (shared, imported or synced) is a potential delivery vector.