CVE-2023-2110 Information

Description

Improper path handling in Obsidian desktop before 1.2.8 on Windows Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via pp://local/. This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian or copies text from a malicious webpage and paste it into Obsidian.

Reference

https://starlabs.sg/advisories/23/23-2110/ https://obsidian.md/changelog/2023-05-03-desktop-v1.2.8/