
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-2971 is a Local File Disclosure vulnerability discovered in Typora versions before 1.7.0-dev affecting both Windows and Linux platforms. The vulnerability allows a crafted webpage to access local files and exfiltrate them to remote web servers via the 'typora://app/typemark/' protocol. This vulnerability was identified in August 2023 and is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (STAR Labs, NVD).
The vulnerability exists in the handler for the custom URL scheme 'typora://', implemented in resources/app.asar/atom.js. A previous patch in version 1.6.5 added a sanity check to ensure paths start with 'typemark', but the fix was incomplete. Attackers can still bypass this protection in two ways: by using '..%5C' (Windows-only) or by passing '../' in URL fragments. The vulnerability has a CVSS v3.1 Base Score of 6.5 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N according to NVD, while STAR Labs rates it at 6.3 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N (STAR Labs, NVD).
The vulnerability allows attackers to access and exfiltrate arbitrary local files from the victim's system to remote web servers. This can lead to the disclosure of sensitive information stored in local files (STAR Labs).
The vulnerability has been patched in Typora version 1.7.0-dev. For users of affected versions, it is recommended to avoid opening untrusted markdown files in Typora and to avoid copying text from untrusted webpages and pasting it into Typora. Additionally, organizations should prohibit HTTP(S) webpages from accessing typora:// resources (STAR Labs).
Source: This report was generated using AI