7 matches found
Improper Warning Message Handling
@anthropic-ai/claude-code is vulnerable to improper warning message handling. The vulnerability is due to an unclear trust prompt that failed to inform users that selecting “Yes, proceed” would execute files in the folder without further confirmation, which allows an attacker to trick users into...
EUVD-2024-50278
Malicious code in bioql PyPI...
CVE-2024-9145
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz legacy Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder"...
CVE-2024-9145 Local command injection in Wiz Code Visual Studio Code extension
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz legacy Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder"...
CVE-2024-9145 Local command injection in Wiz Code Visual Studio Code extension
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz legacy Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder"...
PT-2024-39454 · Microsoft +1 · Visual Studio Code +2
Name of the Vulnerable Software and Affected Versions: Wiz Code Visual Studio Code extension versions 1.0.0 through 1.5.3 Wiz legacy Visual Studio Code extension versions 0.13.0 through 0.17.8 Description: The issue allows for local command injection when a user opens a maliciously crafted...
CVE-2022-24441 Code Injection
The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the applicatio...