PT-2025-6009 · Joplin · Joplin

Personalizedrefrigerator · Published 2025-02-07 · Updated 2025-02-10 · CVE-2024-55630

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Joplin versions prior to 3.2.8

Description
Joplin is a free, open-source note-taking and to-do application. The HTML sanitizer in Joplin allows the name attribute to be specified on elements, which can lead to a property replacement issue: if the name attribute is set to the same value as an existing document property, that property is replaced by the element. This can cause a denial of service in which the note viewer fails to refresh until it is closed and re-opened with a different note.

Recommendations
For versions prior to 3.2.8, upgrade to version 3.2.8 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the name attribute in the HTML sanitizer until a patch is applied. There are no known workarounds for this vulnerability.

Related Identifiers

CVE-2024-55630
GHSA-5CCH-JR52-QFFH

Affected Products

Joplin