Home > Vulnerability Database > CVE-2024-55630

Mend.io Vulnerability Database

CVE-2024-55630

Date: February 7, 2025

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the "name" attribute to be specified. If "name" is set to the same value as an existing "document" property (e.g. "querySelector"), that property is replaced with the element. This vulnerability's only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity Score

3.3

Related Resources (5)

Url: https://en.wikipedia.org/wiki/DOM_clobbering

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55630

Url: https://github.com/laurent22/joplin/commit/e70efcbd60ce62f06e77c183b362c74e636c02d9

Url: https://github.com/laurent22/joplin/security/advisories/GHSA-5cch-jr52-qffh

Url: https://www.mend.io/vulnerability-database/CVE-2024-55630

Severity Score

3.3

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55630

Date: February 7, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?