CVE-2021-29261

Sažetak

The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.

Reference

https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075
https://github.com/sveltejs/language-tools/releases
https://github.com/sveltejs/language-tools/releases/tag/extensions-104.8.0
https://marketplace.visualstudio.com/items?itemName=svelte.svelte-vscode
https://vuln.ryotak.me/advisories/3

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-04-2021 - 18:00

Objavljeno

05-04-2021 - 07:15