Описание
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.
Ссылки
- Release NotesThird Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.2 (исключая)
cpe:2.3:a:apple-swift-format_project:apple-swift-format:*:*:*:*:*:visual_studio:*:*
EPSS
Процентиль: 80%
0.0143
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.
EPSS
Процентиль: 80%
0.0143
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
NVD-CWE-noinfo