CVE-2021-23431

MEDIUM

Joplin < 2.3.2 - CSRF

Title source: rule

The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.

Core 2

Core References

Patch, Third Party Advisory x_refsource_misc

Patch, Third Party Advisory x_refsource_misc

CVSS v3 5.4

EPSS 0.0014

EPSS Percentile 33.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-352

Status published

Products (2)

joplinapp/joplin < 2.3.2

npm/joplin 0 - 2.3.2npm

Published Aug 24, 2021

Tracked Since Feb 18, 2026