First published: Sat Aug 07 2021
Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Obsidian Obsidian | <0.12.12 | |
npm/obsidian | <0.12.12 | 0.12.12 |
The vulnerability ID for this vulnerability is CVE-2021-38148.
The severity of CVE-2021-38148 is critical (9.8).
Obsidian versions before 0.12.12 are affected by CVE-2021-38148.
CVE-2021-38148 allows an attacker to execute arbitrary code or perform other malicious actions by tricking a user into opening a non-http/https URL, which affected versions open without requiring user confirmation.
You can find more information about CVE-2021-38148 at the following link: [https://forum.obsidian.md/t/obsidian-release-v0-12-12/21564](https://forum.obsidian.md/t/obsidian-release-v0-12-12/21564)