This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Obsidian First view 2021-08-07
Product Obsidian Last view 2022-07-25
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:obsidian:obsidian

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2022-07-25 CVE-2022-36450

Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.

9.8 2021-08-07 CVE-2021-38148

Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-20 Improper Input Validation