CVE-2023-44141

Published: Oct 30, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.

Affected (6)

Products: Inkdrop: Inkdrop

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Inkdrop Inkdrop	Before 5.6.0
Inkdrop Inkdrop	Version 5.6.0 beta0
Inkdrop Inkdrop	Version 5.6.0 beta1
Inkdrop Inkdrop	Version 5.6.0 beta2
Inkdrop Inkdrop	Version 5.6.0 beta3
Inkdrop Inkdrop	Version 5.6.0 beta4

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

https://forum.inkdrop.app/t/inkdrop-desktop-v5-6-0/4211

Source: vultures@jpcert.or.jp

Release Notes

https://jvn.jp/en/jp/JVN48057522/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.inkdrop.app/

Source: vultures@jpcert.or.jp

Product

https://forum.inkdrop.app/t/inkdrop-desktop-v5-6-0/4211

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://jvn.jp/en/jp/JVN48057522/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.inkdrop.app/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.