CVE-2023-27035

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-27035
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27035.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-27035
Published
2023-05-01T22:15:09Z
Modified
2025-01-30T19:47:12.577423Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.

References

Affected packages

Git / github.com/obsidianmd/obsidian-releases

Affected ranges

Type
GIT
Repo
https://github.com/obsidianmd/obsidian-releases
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
02ebffce27a86492f0f504dd689febe2170f8add

Affected versions

v0.*

v0.10.0
v0.10.1
v0.10.10
v0.10.11
v0.10.12
v0.10.13
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.10.9
v0.11.0
v0.11.1
v0.11.10
v0.11.11
v0.11.12
v0.11.13
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12.0
v0.12.1
v0.12.10
v0.12.11
v0.12.12
v0.12.13
v0.12.14
v0.12.15
v0.12.16
v0.12.17
v0.12.18
v0.12.19
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.7
v0.12.8
v0.12.9
v0.13.14
v0.13.19
v0.13.23
v0.13.24
v0.13.30
v0.13.31
v0.13.33
v0.14.15
v0.14.2
v0.14.5
v0.14.6
v0.15.6
v0.15.8
v0.15.9
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.8.0
v0.8.1
v0.8.10
v0.8.11
v0.8.12
v0.8.13
v0.8.14
v0.8.15
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.13
v0.9.14
v0.9.15
v0.9.16
v0.9.17
v0.9.18
v0.9.19
v0.9.2
v0.9.20
v0.9.21
v0.9.22
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9

v1.*

v1.0.0
v1.0.3
v1.1.8
v1.1.8-E21
v1.1.9