Описание
Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remote code execution.
EPSS
Процентиль: 69%
0.00591
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
около 2 месяцев назад
Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remote code execution.
EPSS
Процентиль: 69%
0.00591
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78