CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-36450

Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.041

EPSS Ranking 88.2%

CVSS Severity

CVSS v3 Score 8.0

References

https://forum.obsidian.md/t/possible-remote-code-execution-through-obsidian-uri-scheme/39743
https://www.chtsecurity.com/news/f2a1ad21-3442-495f-8b6e-f0fe433d6caa
https://forum.obsidian.md/t/possible-remote-code-execution-through-obsidian-uri-scheme/39743
https://www.chtsecurity.com/news/f2a1ad21-3442-495f-8b6e-f0fe433d6caa

Products affected by CVE-2022-36450

Obsidian » Obsidian » Version: Any

cpe:2.3:a:obsidian:obsidian:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-36450

Products

Pricing

Contact Us