CVE-2019-20374

Name of the Vulnerable Software and Affected Versions Typora versions prior to 0.9.9.31.2 on macOS Typora versions prior to 0.9.81 on Linux

Description A mutation cross-site scripting issue leads to remote code execution through Mermaid code blocks. This occurs due to improper HTML sanitization when a file is opened in Typora, which is based on the Electron framework. The lack of proper sanitization allows for the execution of code in an unsandboxed environment.

Recommendations For Typora versions prior to 0.9.9.31.2 on macOS, update to version 0.9.9.31.2 or later to resolve the issue. For Typora versions prior to 0.9.81 on Linux, update to version 0.9.81 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Mermaid code blocks in Typora until a patch is applied.