Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2316 | 3 Linux, Microsoft, Typora | 3 Linux Kernel, Windows, Typora | 2023-08-24 | N/A | N/A |
| Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | |||||
| CVE-2019-12172 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137. | |||||
| CVE-2019-12137 | 2 Apple, Typora | 2 Mac Os X, Typora | 2019-06-13 | 6.8 MEDIUM | 7.8 HIGH |
| Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. | |||||