CVE-2021-29261

Опубликовано: 05 апр. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.

Ссылки

https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075
Patch
Third Party Advisory
https://github.com/sveltejs/language-tools/releases
Third Party Advisory
https://github.com/sveltejs/language-tools/releases/tag/extensions-104.8.0
Release Notes
Third Party Advisory
https://marketplace.visualstudio.com/items?itemName=svelte.svelte-vscode
Product
Third Party Advisory
https://vuln.ryotak.me/advisories/3
Third Party Advisory
https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075
Patch
Third Party Advisory
https://github.com/sveltejs/language-tools/releases
Third Party Advisory
https://github.com/sveltejs/language-tools/releases/tag/extensions-104.8.0
Release Notes
Third Party Advisory
https://marketplace.visualstudio.com/items?itemName=svelte.svelte-vscode
Product
Third Party Advisory
https://vuln.ryotak.me/advisories/3
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:svelte:svelte:*:*:*:*:*:visual_studio_code:*:*

Версия до 104.8.0 (исключая)

EPSS

Процентиль: 71%

0.00681

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7hhg-cf2m-8xw7

github

больше 3 лет назад