CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js

This public proof-of-concept shows Obsidian is affected, (the second screenshot is of Obsidian)