-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaScriptJavaScript| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| obsidian | npm | < 0.12.12 | 0.12.12 |
Miggo AIRoot Cause AnalysisThe vulnerability explicitly relates to missing user confirmation for non-standard URL protocols. In Electron applications like Obsidian, link handling is typically managed through main process event handlers (e.g., 'will-navigate' or 'new-window'). The absence of protocol checks and confirmation dialogs in these handlers before version 0.12.12 would directly enable this vulnerability. While exact implementation details aren't available, the nature of Electron security patterns and the documented fix (added confirmation dialog) strongly indicate that the core link handling function was missing these safeguards.
Ongoing coverage of React2Shell