3 matches found
CVE-2022-36450
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL...
CVE-2022-36450
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL...
CVE-2022-36450
CVE-2022-36450 affects Obsidian 0.14.x and 0.15.x prior to 0.15.5. The issue stems from using the obsidian://hook-get-address protocol with a call to window.open without validating the URL, enabling potential remote code execution. Exploitation status is not detailed in the provided documents. Th...