CVE-2022-35131, GHSA-ww2v-frv5-pj5x
npm/joplin
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.
Version 2.8.8
Unfortunately, there is no solution available yet.
2022-08-01
source |