Disclosure Date 2022/11/21

CVE-2022-43668

Typora fails to properly neutralize JavaScript code

Typora における JavaScript コードの無効化処理が不十分な問題

Credit

@ei01241

Affected-Versions

Typora: v1.4.3 and earlier

CWE

  • CWE-116

Description

Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product.

Product-URLs

Back