Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2971

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.

Published

2023-08-19T06:15:47.037

Last Modified

2024-11-21T07:59:40.130

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	typora	typora	≤ 1.6.7	Yes
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

https://starlabs.sg/advisories/23/23-2971/ Exploit, Mitigation, Third Party Advisory ([email protected])
https://starlabs.sg/advisories/23/23-2971/ Exploit, Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)