CVE-2022-35131

Name of the Vulnerable Software and Affected Versions Joplin version 2.8.8

Description The issue allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.

Recommendations For Joplin version 2.8.8, consider restricting the injection of crafted payloads into Node titles until a patch is available. As a temporary workaround, avoid using potentially malicious Node titles to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.