CVE-2024-55630
CVSS V2 None
CVSS V3 None
Description
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability's only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Overview
- CVE ID
- CVE-2024-55630
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2025-02-07T22:23:04.109Z
- Last Modified Date
- 2025-02-07T22:23:04.109Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/laurent22/joplin/security/advisories/GHSA-5cch-jr52-qffh | x_refsource_CONFIRM |
| https://github.com/laurent22/joplin/commit/e70efcbd60ce62f06e77c183b362c74e636c02d9 | x_refsource_MISC |
| https://en.wikipedia.org/wiki/DOM_clobbering | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-55630 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55630 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2025-02-08 13:05:12 | Added to TrackCVE |