This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
Detail | |||
---|---|---|---|
Vendor | Obsidian | First view | 2021-08-07 |
Product | Obsidian | Last view | 2022-07-25 |
Version | * | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:obsidian:obsidian |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.8 | 2022-07-25 | CVE-2022-36450 | Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. |
9.8 | 2021-08-07 | CVE-2021-38148 | Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-20 | Improper Input Validation |