Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
obsidian-dataview code injection vulnerability
Vulnerability Description
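obsidian-dataview is an application: an implementation of a complex query language for the Obsidian note-taking tool. Obsidian Dataview versions before 0.4.12-hotfix1 contain a security vulnerability. It stems from the software's lack of effective restriction and filtering of the eval function, which allows an attacker to perform eval injection, with the evalInContext function executing user input. An attacker can exploit this vulnerability to craft a malicious Markdown file that executes arbitrary code once the file is opened.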
CVSS Information
N/A
Vulnerability Type
N/A