CVE-2023-1003 MEDIUM

CVE-2023-1003: Typora WSH JScript code injection

Vendor N/A
Product Typora
Weakness CWE-94 · Code injection
Published February 24, 2023
Last update August 2, 2024

CVSS base score

5.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736.

Key dates

02Disclosure timeline

February 24, 2023 CVE published
August 2, 2024 Record updated