CVE-2024-14010

Sažetak

Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remote code execution.

Reference

http://www.typora.io
https://www.exploit-db.com/exploits/51752
https://www.vulncheck.com/advisories/typora-os-command-injection-via-export-pdf-preferences

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

15-12-2025 - 18:22

Objavljeno

12-12-2025 - 20:15