Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqd3AtN3YzZy05OXBq
Cross-site Request Forgery (CSRF) in joplin
The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.
Permalink: https://github.com/advisories/GHSA-gjwp-7v3g-99pjJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqd3AtN3YzZy05OXBq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Identifiers: GHSA-gjwp-7v3g-99pj, CVE-2021-23431
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-23431
- https://github.com/laurent22/joplin/commit/19b45de2981c09f6f387498ef96d32b4811eba5e
- https://snyk.io/vuln/SNYK-JS-JOPLIN-1325537
- https://github.com/advisories/GHSA-gjwp-7v3g-99pj
Blast Radius: 7.7
Affected Packages
npm:joplin
Dependent packages: 2Dependent repositories: 27
Downloads: 2,237 last month
Affected Version Ranges: < 2.3.2
Fixed in: 2.3.2
All affected versions: 0.8.40, 0.8.68, 0.8.70, 0.8.71, 0.8.72, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.18, 0.9.19, 0.10.20, 0.10.21, 0.10.22, 0.10.23, 0.10.24, 0.10.25, 0.10.26, 0.10.27, 0.10.28, 0.10.29, 0.10.30, 0.10.31, 0.10.32, 0.10.33, 0.10.34, 0.10.35, 0.10.36, 0.10.38, 0.10.39, 0.10.40, 0.10.41, 0.10.42, 0.10.43, 0.10.44, 0.10.45, 0.10.46, 0.10.47, 0.10.48, 0.10.49, 0.10.50, 0.10.51, 0.10.53, 0.10.54, 0.10.55, 0.10.58, 0.10.60, 0.10.61, 0.10.62, 0.10.63, 0.10.64, 0.10.65, 0.10.66, 0.10.67, 0.10.68, 0.10.69, 0.10.70, 0.10.71, 0.10.72, 0.10.73, 0.10.74, 0.10.75, 0.10.76, 0.10.77, 0.10.78, 0.10.79, 0.10.80, 0.10.81, 0.10.82, 0.10.83, 0.10.84, 0.10.85, 0.10.86, 0.10.87, 0.10.88, 0.10.89, 0.10.90, 0.10.91, 0.10.92, 0.10.93, 1.0.95, 1.0.96, 1.0.97, 1.0.98, 1.0.99, 1.0.100, 1.0.101, 1.0.103, 1.0.104, 1.0.106, 1.0.107, 1.0.108, 1.0.109, 1.0.110, 1.0.112, 1.0.113, 1.0.114, 1.0.115, 1.0.116, 1.0.117, 1.0.118, 1.0.119, 1.0.120, 1.0.122, 1.0.123, 1.0.124, 1.0.125, 1.0.126, 1.0.127, 1.0.128, 1.0.129, 1.0.130, 1.0.131, 1.0.132, 1.0.133, 1.0.135, 1.0.136, 1.0.137, 1.0.139, 1.0.140, 1.0.141, 1.0.142, 1.0.143, 1.0.144, 1.0.145, 1.0.146, 1.0.147, 1.0.148, 1.0.149, 1.0.150, 1.0.151, 1.0.152, 1.0.153, 1.0.154, 1.0.155, 1.0.156, 1.0.157, 1.0.158, 1.0.159, 1.0.160, 1.0.161, 1.0.162, 1.0.163, 1.0.164, 1.0.165, 1.0.166, 1.0.167, 1.0.168, 1.1.2, 1.1.7, 1.1.8, 1.2.1, 1.2.2, 1.2.3, 1.3.1, 1.3.2, 1.3.3, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.5.1, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.8.1, 2.0.1, 2.1.1, 2.1.2, 2.2.1, 2.2.2
All unaffected versions: 2.3.2, 2.4.1, 2.6.1, 2.6.2, 2.8.1, 2.9.1, 2.10.1, 2.10.2, 2.10.3, 2.11.1, 2.12.1, 2.13.1, 2.13.2, 2.14.1