Published: 2021/06/22  Last Updated: 2021/06/22

JVN#29949691
Inkdrop vulnerable to OS command injection

Overview

Inkdrop contains an OS command injection vulnerability.

Products Affected

  • Inkdrop versions prior to v5.3.1

Description

Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains an OS command injection vulnerability (CWE-78).

Impact

If a file or code snippet containing an invalid iframe is loaded into Inkdrop, an arbitrary OS command may be executed on the system where it runs.
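The advisory states only that an invalid iframe in loaded content is the trigger; it does not describe how the command execution happens inside Inkdrop. The following is an added illustration of the generic defensive pattern, not Inkdrop's code or its fix: a small Node.js sanitizer that drops iframe elements, including malformed ones, from untrusted Markdown-rendered HTML before that HTML reaches a privileged renderer. The raw-text handling of iframe is an assumption about standard HTML parsing, the function names and the sample note are constructed, and nothing here is derived from the affected product's internals.

```javascript
'use strict';

// Added example, not Inkdrop's code or its fix: strip iframe elements from
// untrusted Markdown-rendered HTML before it reaches a privileged renderer.
// Assumes standard HTML parsing rules (iframe is a raw-text element, so all
// text up to </iframe> belongs to it); nothing here comes from the advisory's
// description of Inkdrop's internals.

// True when s[i] begins a tag named `name` (case-insensitive): "<name"
// followed by whitespace, "/", ">" or end of input, so "<iframes>" is not one.
function tagStartsAt(s, i, name) {
  if (s[i] !== '<') return false;
  if (s.slice(i + 1, i + 1 + name.length).toLowerCase() !== name) return false;
  const next = s[i + 1 + name.length];
  return next === undefined || /[\s\/>]/.test(next);
}

// Index just past the '>' that ends the tag opening at i. Quoted attribute
// values are honoured so a '>' inside src="..." does not end the tag.
// Returns s.length when the tag is never closed (malformed input).
function endOfOpenTag(s, i) {
  let quote = null;
  for (let j = i + 1; j < s.length; j++) {
    const ch = s[j];
    if (quote) {
      if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'") {
      quote = ch;
    } else if (ch === '>') {
      return j + 1;
    }
  }
  return s.length;
}

// Remove every iframe element, contents included, from an HTML fragment.
// Malformed ("invalid") variants are removed too: an open tag with no '>' or
// an element with no </iframe> swallows the rest of the input, which mirrors
// how a browser treats raw-text elements and keeps truncated markup from
// slipping through. Deliberately aggressive: "<iframe" inside another tag's
// attribute value is treated as a tag as well.
// Returns { html, removed } where `removed` counts stripped elements.
function stripIframes(html) {
  let out = '';
  let removed = 0;
  let i = 0;
  while (i < html.length) {
    if (!tagStartsAt(html, i, 'iframe')) {
      out += html[i];
      i += 1;
      continue;
    }
    removed += 1;
    const afterOpen = endOfOpenTag(html, i);
    const rel = html.slice(afterOpen).search(/<\/iframe\s*>/i);
    if (rel === -1) {
      i = html.length; // no closing tag: drop everything after the open tag
    } else {
      i = html.indexOf('>', afterOpen + rel) + 1; // just past "</iframe>"
    }
  }
  return { html: out, removed };
}

// Gate used before rendering: report whether any stripping was needed and
// hand back the cleaned fragment. Refusing content with removed > 0 makes the
// condition visible to the user and to logging; rendering the cleaned copy is
// the quieter alternative. Both are defensible.
function sanitizeForRender(html) {
  const { html: clean, removed } = stripIframes(html);
  return { ok: removed === 0, html: clean, removed };
}

// Constructed sample (not from the advisory): a note body whose iframe tag is
// never closed, one shape of the "invalid iframe" the impact statement names.
const SAMPLE_NOTE =
  'Meeting notes <b>today</b> <iframe src="http://example.invalid/frame" rest of note';

const SAMPLE_RESULT = sanitizeForRender(SAMPLE_NOTE);
console.log(JSON.stringify(SAMPLE_RESULT));
// {"ok":false,"html":"Meeting notes <b>today</b> ","removed":1}
```

A character-level scanner is used instead of a regular expression because the failure mode the advisory names is a malformed tag, and a single regex for `<iframe ...>...</iframe>` silently misses exactly the unterminated cases that matter. In a real product the same check belongs as close to the renderer as possible, after Markdown conversion, so that nothing upstream can reintroduce the element.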

Solution

Update the Software
According to the developers, Inkdrop has an auto-update feature, so affected versions of the product will be updated automatically.

Vendor Status

Vendor: Takuya Matsuyama
Links: Inkdrop; v5.3.1 Release Notes

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score: 7.8
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): High (H)
  • Availability Impact (A): High (H)

CVSS v2: AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score: 6.8
  • Access Vector (AV): Network (N)
  • Access Complexity (AC): Medium (M)
  • Authentication (Au): None (N)
  • Confidentiality Impact (C): Partial (P)
  • Integrity Impact (I): Partial (P)
  • Availability Impact (A): Partial (P)

Credit

Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2021-20745
JVN iPedia: JVNDB-2021-000054