Lucene search
+L

8 matches found

redhatcve
redhatcve
β€’added 2026/04/07 11:1 p.m.β€’7 views

CVE-2026-35454

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...

8.7CVSS6.1AI score0.00343EPSS
Exploits0References1
nvd
nvd
β€’added 2026/04/06 10:16 p.m.β€’7 views

CVE-2026-35454

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...

8.7CVSS0.00343EPSS
Exploits0References2
vulnrichment
vulnrichment
β€’added 2026/04/06 9:51 p.m.β€’4 views

CVE-2026-35454 Code Extension Marketplace has a Zip Slip Path Traversal

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...

8.7CVSS6.1AI score0.00343EPSS
Exploits0References2
cvelist
cvelist
β€’added 2026/04/06 9:51 p.m.β€’19 views

CVE-2026-35454 Code Extension Marketplace has a Zip Slip Path Traversal

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...

8.7CVSS0.00343EPSS
Exploits0References2
osv
osv
β€’added 2026/04/06 9:51 p.m.β€’3 views

CVE-2026-35454 Code Extension Marketplace has a Zip Slip Path Traversal

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...

8.7CVSS6AI score0.00343EPSS
Exploits0References4
cve
cve
β€’added 2026/04/06 9:51 p.m.β€’25 views

CVE-2026-35454

The CVE-2026-35454 affects coder/code-marketplace (Code Extension Marketplace) up to version 2.4.1. A Zip Slip/path-traversal vulnerability arises in the ExtractZip logic where raw zip entry names are passed to a callback that writes files via filepath.Join without boundary checks, allowing paths...

8.7CVSS6.1AI score0.00343EPSS
Exploits0References2Affected Software1
euvd
euvd
β€’added 2026/04/06 9:51 p.m.β€’6 views

EUVD-2026-19537

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...

8.7CVSS6.1AI score0.00343EPSS
Exploits0References2
cnnvd
cnnvd
β€’added 2026/04/06 12:0 a.m.β€’9 views

Code Extension Marketplace θ·―εΎ„ιεŽ†ζΌζ΄ž

The Code Extension Marketplace is an open-source extension marketplace server developed by Coder. Versions of the Code Extension Marketplace prior to 2.4.2 contained a path traversal vulnerability. This vulnerability stemmed from the lack of boundary checks, which could lead to arbitrary file...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References3
Rows per page
Query Builder