What the vulnerability does
01Description
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.
CVSS base score
CVSS vector
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:R
What the vulnerability does
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.
Key dates
External resources