{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-49362", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-10-14T13:56:34.810Z", "datePublished": "2024-11-14T17:37:09.700Z", "dateUpdated": "2024-11-14T21:39:43.794Z"}, "containers": {"cna": {"title": "Remote Code Execution on click of <a> Link in markdown preview", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7"}], "affected": [{"vendor": "laurent22", "product": "joplin", "versions": [{"version": "< 3.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-14T17:37:09.700Z"}, "descriptions": [{"lang": "en", "value": "Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution."}], "source": {"advisory": "GHSA-hff8-hjwv-j9q7", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "joplinapp", "product": "joplin", "cpes": ["cpe:2.3:a:joplinapp:joplin:*:*:*:*:*:node.js:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T21:38:47.636782Z", "id": "CVE-2024-49362", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T21:39:43.794Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49362", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-14T21:38:47.636782Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:joplinapp:joplin:*:*:*:*:*:node.js:*:*"], "vendor": "joplinapp", "product": "joplin", "versions": [{"status": "affected", "version": "0", "lessThan": "3.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T21:39:38.922Z"}}], "cna": {"title": "Remote Code Execution on click of <a> Link in markdown preview", "source": {"advisory": "GHSA-hff8-hjwv-j9q7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "laurent22", "product": "joplin", "versions": [{"status": "affected", "version": "< 3.1"}]}], "references": [{"url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7", "name": "https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-14T17:37:09.700Z"}}}, "cveMetadata": {"cveId": "CVE-2024-49362", "state": "PUBLISHED", "dateUpdated": "2024-11-14T21:39:43.794Z", "dateReserved": "2024-10-14T13:56:34.810Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-11-14T17:37:09.700Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*", "matchCriteriaId": "072181DD-7C0E-4B22-AC35-B7C25CC53219", "versionEndExcluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution."}, {"lang": "es", "value": "Joplin es una aplicaci\u00f3n de c\u00f3digo abierto y gratuita para tomar notas y realizar tareas pendientes. Joplin-desktop tiene una vulnerabilidad que provoca la ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando un usuario hace clic en un enlace <a rel=\"nofollow\"> dentro de notas que no son de confianza. El problema surge debido a una limpieza insuficiente de los atributos de la etiqueta </a><a rel=\"nofollow\"> introducidos por Mermaid. Esta vulnerabilidad permite la ejecuci\u00f3n de contenido HTML no confiable dentro de la ventana Electron, que tiene acceso completo a las API de Node.js, lo que permite la ejecuci\u00f3n arbitraria de comandos de shell.</a>"}], "id": "CVE-2024-49362", "lastModified": "2025-05-07T14:10:19.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-14T18:15:19.243", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}