Description

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability's only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2025-02-07T22:23:04.109Z

Last Modified :

2025-02-10T17:18:47.395Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-55630 vulnerability.

Vendors Products
Joplin Project
  • Joplin
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-55630.

URL Resource
https://en.wikipedia.org/wiki/DOM_clobbering cve-icon cve-icon
https://github.com/laurent22/joplin/commit/e70efcbd60ce62f06e77c183b362c74e636c02d9 cve-icon cve-icon
https://github.com/laurent22/joplin/security/advisories/GHSA-5cch-jr52-qffh cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact