Affine
Monthly
Authorization bypass in AFFiNE up to version 0.26.3 allows remote unauthenticated attackers to access restricted document previews through the Public Markdown Preview Endpoint (/workspace/:workspaceId/:docId). The allowDocPreview function fails to properly validate access permissions, enabling attackers to retrieve sensitive document content without authentication. Public exploit code is available, and the vendor has not responded to early disclosure attempts.
Remote code execution in AFFiNE workspace application (versions prior to 0.25.4) allows unauthenticated attackers to execute arbitrary code via malicious affine: URL handlers. Exploitation requires one user click on a crafted link or visiting a malicious website that auto-redirects to the malicious URL. The browser's custom protocol handler automatically launches AFFiNE and processes the payload without further user interaction, achieving RCE. EPSS score of 0.17% (38th percentile) suggests low observed exploitation activity. GitHub security advisory GHSA-67vm-2mcj-8965 confirms the vulnerability with upstream fix available in commit c9a4129a via PR #13864.
Authorization bypass in AFFiNE up to version 0.26.3 allows remote unauthenticated attackers to access restricted document previews through the Public Markdown Preview Endpoint (/workspace/:workspaceId/:docId). The allowDocPreview function fails to properly validate access permissions, enabling attackers to retrieve sensitive document content without authentication. Public exploit code is available, and the vendor has not responded to early disclosure attempts.
Remote code execution in AFFiNE workspace application (versions prior to 0.25.4) allows unauthenticated attackers to execute arbitrary code via malicious affine: URL handlers. Exploitation requires one user click on a crafted link or visiting a malicious website that auto-redirects to the malicious URL. The browser's custom protocol handler automatically launches AFFiNE and processes the payload without further user interaction, achieving RCE. EPSS score of 0.17% (38th percentile) suggests low observed exploitation activity. GitHub security advisory GHSA-67vm-2mcj-8965 confirms the vulnerability with upstream fix available in commit c9a4129a via PR #13864.