History: Apr 01, 2021 - 9:40 p.m.

CVE-2021-21420 Vulnerability in Stripe for Visual Studio Code < 1.7.3

2021-04-01 21:40:10
CWE-74
GitHub_M
www.cve.org
cve-2021-21420
stripe
visual studio code
extension
vulnerability
arbitrary code

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 27.2%

vscode-stripe is an extension for Visual Studio Code. A vulnerability exists in the Stripe for Visual Studio Code extension when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.

CNA Affected

[
  {
    "product": "vscode-stripe",
    "vendor": "stripe",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.7.3"
      }
    ]
  }
]
