CVE-2021-31211

Опубликовано: 11 мая 2021

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Visual Studio Code Remote Code Execution Vulnerability

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have be enticed to open a malicious file in a directory. Users should never open anything that they do not know or trust to be safe.

How do I know if I am affected by this vulnerability?

Customers running any Visual Studio Code Remote extensions (for example: Visual Studio Code Remote - SSH, Visual Studio Code Remote - Containers, or Visual Studio Code Remote - WSL extensions) are affected by this vulnerability. The fix for the vulnerability is in Visual Studio Code and not in the extensions. Customers running a Visual Studio Code Remote extension need to update Visual Studio Code to be protected from this vulnerability.

Обновления

Продукт	Статья	Обновление
Visual Studio Code	Release Notes	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 88%

0.04005

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2021-31211

CVSS3: 7.8

nvd

больше 4 лет назад

Visual Studio Code Remote Code Execution Vulnerability

GHSA-5mfq-7jcf-v683

CVSS3: 7.8

github

больше 3 лет назад

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31214.

BDU:2021-02779

CVSS3: 7.8

fstec

больше 4 лет назад

Уязвимость редактора исходного кода Visual Studio Code, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 88%

0.04005

Низкий

7.8 High

CVSS3