PT-2024-36799 · Unknown · Grist-Core

Spawnzii +1 · Published 2024-12-20 · Updated 2024-12-20 · CVE-2024-56357

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: grist-core versions prior to 1.3.1

Description: A user visiting a malicious document or submitting a malicious form could have their account compromised due to the ability to use the javascript: scheme with custom widget URLs and form redirect URLs.

Recommendations: For versions prior to 1.3.1, upgrade to version 1.3.1 to resolve the issue. As a temporary workaround for users unable to upgrade, avoid visiting documents or forms prepared by people they do not trust.
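
The class of check that closes this kind of hole is a scheme allow-list applied to every user-supplied widget or redirect URL before it is embedded or navigated to. The following is an added example, not grist-core's code or its actual fix; the function name, the base origin and the sample URLs are assumptions made for illustration.

```javascript
// Added example (not grist-core code): allow-list the scheme of a
// user-supplied URL before using it as a widget source or form redirect.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Hypothetical helper. Returns the normalized URL string when the scheme is
// allowed, otherwise null. `base` is an assumed origin used to resolve
// relative redirect targets such as "/thanks".
function sanitizeUserUrl(input, base = "https://docs.example.test/") {
  if (typeof input !== "string") return null;
  let parsed;
  try {
    // Parse with the WHATWG URL parser, the same algorithm browsers use.
    // It strips leading/trailing whitespace and embedded tabs/newlines and
    // lowercases the scheme, so "JaVa\tScRiPt:" is seen as "javascript:".
    // String prefix checks on the raw input miss exactly those variants.
    parsed = new URL(input, base);
  } catch {
    return null; // unparseable input is rejected, never passed through
  }
  // Deny by default: javascript:, data:, vbscript:, blob: and anything else
  // outside the allow-list is refused.
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

// Constructed sample inputs, labelled with the expected decision.
const SAMPLES = [
  ["https://widgets.example.test/w/index.html", true],
  ["/thanks", true],
  ["javascript:void(0)", false],
  ["JaVaScRiPt:void(0)", false],
  ["  javascript:void(0)", false],
  ["java\tscript:void(0)", false],
  ["data:text/html,<b>x</b>", false],
];

// Returns the samples whose decision differs from the expectation (none).
function mismatchedSamples() {
  return SAMPLES.filter(([url, ok]) => (sanitizeUserUrl(url) !== null) !== ok);
}

console.log(mismatchedSamples().length === 0 ? "all samples OK" : "mismatch");
```

The returned normalized string, not the original input, is what should be stored or assigned to an iframe `src` or a redirect target, so the value that was checked is the value that is used.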

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-56357
GHSA-CQ5Q-CQR7-VMF6

Affected Products

Grist-Core