Описание
The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Ссылки
- PatchRelease NotesThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- PatchRelease NotesThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.7 (включая)
cpe:2.3:a:sass_lint_project:sass_lint:*:*:*:*:*:visual_studio_code:*:*
EPSS
Процентиль: 66%
0.00512
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
github
около 3 лет назад
** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
EPSS
Процентиль: 66%
0.00512
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
NVD-CWE-noinfo