Deserialization of untrusted data

The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace...

Design/Logic Flaw

The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace...

CVE-2021-28791

The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace...

CVE-2021-28791

The CVE-2021-28791 vulnerability affects the unofficial vscode-swiftformat extension for Visual Studio Code prior to version 1.3.7. A crafted workspace with a manipulated swiftformat.path value can trigger remote code execution upon opening the workspace. Multiple connected sources corroborate th...

CVE-2021-28789

The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace...

CVE-2021-28789

CVE-2021-28789 affects the unofficial apple/swift-format extension for Visual Studio Code prior to 1.1.2. A crafted apple-swift-format.path workspace configuration can trigger remote code execution when the workspace is opened, enabling an attacker to run arbitrary code. Multiple sources confirm ...

CVE-2021-28794

The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath...

CVE-2021-28794

CVE-2021-28794 affects the unofficial vscode-shellcheck extension for Visual Studio Code prior to 0.13.4. The root cause is mishandling of shellcheck.executablePath within the extension, as described in multiple sources. Public references indicate potential arbitrary code execution on affected sy...

CVE-2021-28792

The CVE-2021-28792 entry concerns the unofficial Swift Development Environment extension for Visual Studio Code, affected prior to version 2.12.1. A malicious workspace can trigger arbitrary code execution by supplying crafted values in several extension configuration fields (e.g., sourcekit-lsp....

CVE-2021-28790

The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace...

CVE-2021-28790

CVE-2021-28790 affects the unofficial SwiftLint extension for Visual Studio Code prior to 1.4.5. A crafted swiftlint.path workspace configuration can trigger arbitrary code execution when the workspace is opened, enabling remote code execution under a local attack vector. The vulnerability arises...

Valentin Knabel vscode-swiftformat 安全漏洞

vscode-swiftformat is open source an unofficial VS Code extension . A security vulnerability exists in versions of vscode-swiftformat prior to 1.3.7, which can be exploited by attackers to execute arbitrary code on a system...

Valentin Knabel vscode-swiftformat 安全漏洞

vscode-swiftformat is an open source application. Automatically organize Swift code through SwiftFormat. A security vulnerability exists in vscode-swiftformat versions prior to 2.12.1, which can be exploited by attackers to execute arbitrary code...

vscode-swiftlint 安全漏洞

vscode-swiftlint is open source an unofficial VS Code extension . Swift styles and conventions can be implemented through SwiftLint . A code execution vulnerability exists in versions prior to vscode-swiftlint 1.4.5, which can be exploited by an attacker to execute arbitrary code on a system...

PT-2021-5210 · Microsoft · Visual Studio Code

Name of the Vulnerable Software and Affected Versions: Visual Studio Code affected versions not specified Description: The issue is related to incorrect code generation management in the settings.json file of Microsoft Visual Studio Code, allowing an attacker to execute arbitrary code...

The vulnerability of the Microsoft Visual Studio Code Java Extension relates to improper code generation management, allowing an attacker to execute arbitrary code.

The vulnerability of the Microsoft Visual Studio Code Java Extension relates to improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of the Microsoft Visual Studio Code Remote Development Extension allows a perpetrator to execute arbitrary code.

The vulnerability of the Microsoft Visual Studio Code Remote Development Extension is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

Visual Studio Code Python Extension Remote Code Execution Vulnerability

...

PT-2021-2504 · Microsoft · Visual Studio Code Python Extension

Name of the Vulnerable Software and Affected Versions: Visual Studio Code Python Extension affected versions not specified Description: The issue is related to incorrect code generation management in the Microsoft Visual Studio Code Python Extension. Exploitation of this issue may allow a remote...

KLA12130 ACE vulnerability in Microsoft Developer Tools

A remote code execution vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2020-17163 Related products Microsoft-Visual-Studio CVE list CVE-2020-17163 critical KB list Solution Install necessary...