CVE-2022-23340
Published: 2022-02-08

CVE-2022-23340: Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.

Priority: P357 · Severity: critical · CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.50% (71.2th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joplin_project | joplin | — | — |
| joplinapp | joplin | >= 0 < 2.7.1 | 2.7.1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
GHSA · 2022-02-09

CVE-2022-23340 [CRITICAL] CWE-94: Joplin Vulnerable to Code Injection

Joplin prior to version 2.7.1 allows remote attackers to execute system commands through malicious code in user search results.
OSV · 2022-02-09

CVE-2022-23340 [CRITICAL]: Joplin Vulnerable to Code Injection

Joplin prior to version 2.7.1 allows remote attackers to execute system commands through malicious code in user search results.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.