blacksmithgu/obsidian-dataview

Releases145

Frequency1 week 3 days

Last Release about 1 year ago

Stars9.01K

A data index and query language over Markdown files, for https://obsidian.md/.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-42057 ↗	Nov 4, 2021Thursday, 4 November 2021, 21:15	7.8 HIGH	9.3 HIGH
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases.