Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Notable 路径遍历漏洞
Vulnerability Description
Notable是Notable个人开发者的一个支持跨平台的基于Markdown的笔记记录软件。 Notable-insiders存在路径遍历漏洞,该漏洞源于文件URI方案的验证不正确。指向 SMB 共享的超链接可能导致执行任意程序(或通过 SMB 中继攻击窃取 NTLM 凭据,因为应用程序解析 UNC 路径)。
CVSS Information
N/A
Vulnerability Type
N/A