PT-2021-23494 · Unknown · Obsidian Dataview
Tivey-Scwx · Published 2021-11-04 · Updated 2022-05-24 · CVE-2021-42057

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Obsidian Dataview versions 0.4.12-hotfix1 and earlier

Description: The issue allows eval injection because the evalInContext function executes user input. This enables an attacker to craft malicious Markdown files that execute arbitrary code once opened.

Recommendations: For versions 0.4.12-hotfix1 and earlier, update to version 0.4.13 or later, which mitigates the issue for some use cases. As a temporary workaround, consider restricting the use of the evalInContext function until a more comprehensive patch is available.

Weakness Enumeration

Code Injection

Related Identifiers

CVE-2021-42057
GHSA-XFG5-VRMC-24WC

Affected Products

Obsidian Dataview