漏洞标题
Typora WSH JScript 代码注入
漏洞描述信息
Typora WSH JScript代码注入
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Typora WSH JScript code injection
漏洞描述信息
A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
对生成代码的控制不恰当(代码注入)
漏洞标题
Typora 代码注入漏洞
漏洞描述信息
Typora是一款编辑器。 Typora 1.5.8之前版本存在代码注入漏洞,该漏洞源于组件WSH JScript Handle存在问题,会导致代码注入。
CVSS信息
N/A
漏洞类别
代码注入