Summary: Product Typora Vendor Typora Severity Medium Affected Versions Typora for Windows/Linux < 1.7.0-dev Tested Versions Typora for Windows 1.6.7, Typora for Linux 1.6.6 CVE Identifier CVE-2023-2971 CVE Description Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via “typora://app/typemark/”.
