{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T23:19:48.588","vulnerabilities":[{"cve":{"id":"CVE-2024-53268","sourceIdentifier":"security-advisories@github.com","published":"2024-11-25T20:15:10.583","lastModified":"2025-05-07T00:13:36.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Joplin es una aplicación de código abierto para tomar notas centrada en la privacidad y con capacidades de sincronización para Windows, macOS, Linux, Android e iOS. En las versiones afectadas, los atacantes pueden aprovechar el hecho de que openExternal se utiliza sin ningún filtrado de esquemas de URI para obtener la ejecución remota de código en entornos Windows. Este problema se ha solucionado en la versión 3.0.3 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.6,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joplin_project:joplin:*:*:*:*:*:-:*:*","versionEndExcluding":"3.0.3","matchCriteriaId":"0CB69B70-C05C-413B-9A7B-AB2897A8C9EB"}]}]}],"references":[{"url":"https://github.com/laurent22/joplin/security/advisories/GHSA-pc5v-xp44-5mgv","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}