The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.
References
Link | Resource |
---|---|
https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075 | Patch Third Party Advisory |
https://github.com/sveltejs/language-tools/releases | Third Party Advisory |
https://github.com/sveltejs/language-tools/releases/tag/extensions-104.8.0 | Release Notes Third Party Advisory |
https://marketplace.visualstudio.com/items?itemName=svelte.svelte-vscode | Product Third Party Advisory |
https://vuln.ryotak.me/advisories/3 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-05T06:15:21
Updated: 2021-04-05T06:15:21
Reserved: 2021-03-26T00:00:00
Link: CVE-2021-29261
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-05T07:15:14.463
Modified: 2021-04-08T18:00:36.147
Link: CVE-2021-29261
JSON object: View
Redhat Information
No data.
CWE