CVE-2021-34529

Опубликовано: 13 июл. 2021

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Visual Studio Code Remote Code Execution Vulnerability

FAQ

How does Visual Studio Code protect against remote code execution vulnerabilities in extensions?

With the release of Visual Studio Code 1.57, a new feature was added called Workspace Trust. This new feature allows developers to open unfamiliar code or extensions in Restricted Mode with the option to later mark the code as trusted. Restricted Mode works to prevent the automatic execution of code by restricting accessing to certain VS Code features. More details about this new functionality can be found here - https://code.visualstudio.com/updates/v1_57#_workspace-trust.

Обновления

Продукт	Статья	Обновление
Visual Studio Code		Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 90%

0.05642

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2021-34529

CVSS3: 7.8

nvd

больше 4 лет назад

Visual Studio Code Remote Code Execution Vulnerability

GHSA-8h7g-r6fh-x7wp

CVSS3: 7.8

github

больше 3 лет назад

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34528.

BDU:2021-06012

CVSS3: 7.8

fstec

почти 5 лет назад

Уязвимость файла settings.json редактора исходного кода Microsoft Visual Studio Code, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 90%

0.05642

Низкий

7.8 High

CVSS3