CVE-2021-29658

Sažetak

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder.

Reference

https://github.com/jnbt/vscode-rufo/commit/bc0d212436f76d12cbdab287802fa5bc743f818a
https://marketplace.visualstudio.com/items/jnbt.vscode-rufo/changelog
https://vuln.ryotak.me/advisories/8

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-07-2022 - 17:42

Objavljeno

31-03-2021 - 17:15