Description
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
Exploits (1)
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/typora/typora-issues/issues/2505
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/153082/Typora-0.9.9.24.6-Directory-Traversal.html
Various Sources x_refsource_misc
https://twitter.com/RandomDhiraj/status/1136960564540915712
Scores
CVSS v3
7.8
EPSS
0.0254
EPSS Percentile
85.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
typora/typora
0.9.9.24.6
Published
May 16, 2019
Tracked Since
Feb 18, 2026