CVE-2024-14010
CRITICAL 9.8
Description
Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remote code execution.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 12/12/2025
Last modified: 12/15/2025
Source: nvd
Honeypot sightings: 0
Weaknesses (CWE)
CWE-78
References
http://www.typora.io (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/51752 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/typora-os-command-injection-via-export-pdf-preferences (disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.