Summary
Attackers can abuse the fact that openExternal is called without any filtering of URI schemes to obtain remote code execution in Windows environments.
Details
Attackers can abuse the fact that openExternal is called without any filtering of URI schemes to obtain remote code execution in Windows environments: any link a note can carry is handed to the operating system as-is, so the scheme is never checked before the OS dispatches it to whatever handler is registered for it. I recommend implementing filtering of allowed URI schemes.
PoC
https://udp.re/joplin_rce.mp4
Impact
A Joplin user can fall victim to 1-click remote code execution.