CVE-2020-18336 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2020-18336?

CVE-2020-18336 has a CVSS score of 7.4 (HIGH). This vulnerability allows remote attackers to execute arbitrary JavaScript code in Typora's PDF export function, potentially stealing sensitive information from users. It affects Typora users who export documents containing malicious content to PDF format. The attacker can craft a document that triggers XSS when exported.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary JavaScript code in Typora's PDF export function, potentially stealing sensitive information from users. It affects Typora users who export documents containing malicious content to PDF format. The attacker can craft a document that triggers XSS when exported.

💻 Affected Systems

Products:

Typora

Versions: v0.9.65 and earlier

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All installations with PDF export functionality enabled are vulnerable. The vulnerability is in the PDF rendering component.

📦 What is this software?

Typora by Typora

View all CVEs affecting Typora →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker steals session cookies, authentication tokens, or local file contents, leading to account compromise or data exfiltration.

🟠

Likely Case

Attacker steals user data displayed in Typora during PDF export, such as credentials or sensitive information from other documents.

🟢

If Mitigated

Limited impact if users only export trusted documents and have browser security controls enabled.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious document and exporting to PDF), but can be delivered via email or downloads.

🏢 Internal Only: LOW - Primarily affects individual users rather than network services.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit requires user to open a malicious markdown file and export it to PDF. Proof of concept available in GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.9.66 and later

Vendor Advisory: https://github.com/typora/typora-issues/issues/2232

Restart Required: Yes

Instructions:

1. Open Typora. 2. Go to Help > Check for Updates. 3. Download and install v0.9.66 or later. 4. Restart Typora.

🔧 Temporary Workarounds

Disable PDF Export

all

Temporarily disable PDF export functionality to prevent exploitation.

Use Trusted Documents Only

all

Only open and export documents from trusted sources.

🧯 If You Can't Patch

Avoid exporting untrusted documents to PDF format
Use alternative markdown editors for processing untrusted content

🔍 How to Verify

Check if Vulnerable:

Check Typora version in Help > About. If version is 0.9.65 or earlier, you are vulnerable.

Check Version:

On macOS/Linux: typora --version (if installed via command line). On Windows: Check About dialog in application.

Verify Fix Applied:

Confirm version is 0.9.66 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

Unusual PDF export operations with suspicious filenames
Multiple failed export attempts

Network Indicators:

Outbound connections to suspicious domains during PDF export

SIEM Query:

Process execution: typora.exe AND Command line contains 'export' AND 'pdf'

📊 Metadata

CVE ID: CVE-2020-18336

CVSS v3 Score: 7.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE: CWE-79

Published: October 10, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/typora/typora-issues/issues/2232 Exploit,Issue Tracking,Third Party Advisory
https://github.com/typora/typora-issues/issues/2232 Exploit,Issue Tracking,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-18336, you might also want to check these: