11 matches found
Unsafe Dependency Resolution
Overview @theia/task is a Theia - Task extension. This extension adds support for executing raw or terminal processes in the backend. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. A...
CVE-2021-30502
The unofficial vscode-ghc-simple aka Simple Glasgow Haskell Compiler extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand...
CVE-2021-30502
The unofficial vscode-ghc-simple aka Simple Glasgow Haskell Compiler extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand...
CVE-2021-30502
The unofficial vscode-ghc-simple aka Simple Glasgow Haskell Compiler extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand...
CVE-2021-30502
The CVE-2021-30502 entry concerns the unofficial vscode-ghc-simple (Simple Glasgow Haskell Compiler) extension for Visual Studio Code. Affected component: the extension’s workspace configuration handling via replCommand, which allows remote code execution. Impact: high/severe due to remote code e...
Lex Li vscode-restructuredtext access control error vulnerability
Lex Li vscode-restructuredtext is a Lex Li open source application. This extension provides rich reStructuredText language support for Visual Studio Code.An access control error vulnerability exists in versions prior to Lex Li vscode-restructuredtext 146.0.0, which stems from the inclusion of an...
CVE-2021-28793
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration...
CVE-2021-28793
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration...
CVE-2021-31414
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration...
CVE-2021-28832
VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration...
Default configuration
The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration...