CVE-2019-12137

Name of the Vulnerable Software and Affected Versions Typora version 0.9.9.24.6

Description The issue allows directory traversal, enabling the execution of arbitrary programs. This can be achieved by including a file:/// or ../ substring in a shared note.

Recommendations For Typora version 0.9.9.24.6, consider avoiding the use of file:/// or ../ substrings in shared notes until a patch is available. As a temporary workaround, restrict access to shared notes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.