Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
References
Link | Resource |
---|---|
https://github.com/typora/typora-issues/issues/2166 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2019-05-17 16:29
Updated : 2020-08-24 10:37
NVD link : CVE-2019-12172
Mitre link : CVE-2019-12172
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
apple
- mac_os_x
microsoft
- windows
linux
- linux_kernel
typora
- typora