2 matches found
CVE-2021-38148
Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs...
CVE-2021-38148
Obsidian up to version 0.12.11 does not require user confirmation for non-http/https URLs, per CVE-2021-38148. The root cause is a missing user consent check when handling non-http/https links, which can lead to unintended navigation or loading of external content. The CVSS data indicates high im...