RCE in Laurent22 Joplin

CVE-2024-53268

Joplin is an open-source, privacy-focused note-taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions, attackers are able to abuse the fact that openExternal is used without any filtering of URI s…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.030 (86.9th percentile).

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-53268?
CVE-2024-53268 is a high-severity vulnerability in Laurent22 Joplin, classified under Code Injection. CVSS score: 7.3/10. Published 2024-11-25.
How severe is CVE-2024-53268?
High severity. The CVSS v3 base score is 7.3 out of 10.