cvedb.io
CVE-2022-36450
HIGH · CVSS 8
EPSS exploitation probability: 0%
Published 2022-07-25T07:15:07.913 · Last modified 2026-06-17T04:53:28.790

Summary

Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL.

Affected products

obsidian — obsidian

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.