CVE-2024-56359

Name of the Vulnerable Software and Affected Versions grist-core versions prior to 1.3.2

Description The issue arises when a user visits a malicious document and clicks on a link in a HyperLink cell using a control modifier, such as Ctrl+click. This could lead to account compromise, as the link could use the javascript: scheme and be evaluated in the context of their current page.

Recommendations For versions prior to 1.3.2, upgrade to version 1.3.2 or later to resolve the issue. As a temporary workaround for users unable to upgrade, avoid clicking on HyperLink cell links using a control modifier in documents prepared by people they do not trust.