Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Obsidian 输入验证错误漏洞
Vulnerability Description
Obsidian是Obsidian社区的一个适用于本地 Markdown 文件的知识库。 Obsidian存在安全漏洞,该漏洞源于其开放使用时未对URL进行检查导致攻击者可以通过特定URL导致远程执行obsidian代码。以下版本受到影响:0.14.x版本、0.15.x的0.15.5之前的版本
CVSS Information
N/A
Vulnerability Type
N/A