This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Obsidian | First view | 2021-08-07 |
| Product | Obsidian | Last view | 2022-07-25 |
| Version | * | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:obsidian:obsidian | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2022-07-25 | CVE-2022-36450 | Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. |
| 9.8 | 2021-08-07 | CVE-2021-38148 | Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-20 | Improper Input Validation |
