Описание
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:typora:typora:0.9.9.21.1:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00937
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
EPSS
Процентиль: 76%
0.00937
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-22