7 matches found
CVE-2026-35454
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...
CVE-2026-35454
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...
CVE-2026-35454 Code Extension Marketplace has a Zip Slip Path Traversal
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...
CVE-2026-35454
The CVE-2026-35454 affects coder/code-marketplace (Code Extension Marketplace) up to version 2.4.1. A Zip Slip/path-traversal vulnerability arises in the ExtractZip logic where raw zip entry names are passed to a callback that writes files via filepath.Join without boundary checks, allowing paths...
CVE-2026-35454 Code Extension Marketplace has a Zip Slip Path Traversal
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...
EUVD-2026-19537
The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...
Code Extension Marketplace θ·―εΎιεζΌζ΄
The Code Extension Marketplace is an open-source extension marketplace server developed by Coder. Versions of the Code Extension Marketplace prior to 2.4.2 contained a path traversal vulnerability. This vulnerability stemmed from the lack of boundary checks, which could lead to arbitrary file...