← Back to CVE List
CVE-2022-36450
Published:
2022-07-25T07:15Z
Last Modified:
2024-11-21T07:13Z
Source:
MITRE CVE List
License:
MITRE-CVE-TOS
Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt