CVE-2023-27035 Information
May 02, 2023
cve
Description
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications record user audio and other unspecified impacts via embedded website on the canvas page.
Reference
https://forum.obsidian.md/t/embedded-web-pages-in-obsidian-canvas-can-use-sensitive-web-apis-without-the-users-permission-grant/54509 https://forum.obsidian.md/t/obsidian-release-v1-1-14-insider-build/54595 https://github.com/fivex3/CVE-2023-27035
Share on: