Disclosure Date 2022/11/21

CVE-2022-43668

Typora fails to properly neutralize JavaScript code

TyporaにおけるJavaScriptコードの無効化処理が不十分な問題

Credit

@ei01241

Affected-Versions

prior to v1.4.4, Fixed in v1.4.4

CWE

CWE-116

Description

Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product.

Product-URLs

https://typora.io/

Back