CVE-2021-28793

vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lextudio:restructuredtext:*:*:*:*:*:visual_studio_code:*:*

History

21 Nov 2024, 06:00

Type Values Removed Values Added
References () https://github.com/vscode-restructuredtext/vscode-restructuredtext/commit/1dd3e878a5559e3dfe0e48f145c90418b208c5af - Patch, Third Party Advisory () https://github.com/vscode-restructuredtext/vscode-restructuredtext/commit/1dd3e878a5559e3dfe0e48f145c90418b208c5af - Patch, Third Party Advisory
References () https://github.com/vscode-restructuredtext/vscode-restructuredtext/releases - Release Notes, Third Party Advisory () https://github.com/vscode-restructuredtext/vscode-restructuredtext/releases - Release Notes, Third Party Advisory
References () https://github.com/vscode-restructuredtext/vscode-restructuredtext/releases/tag/147.0.0 - Release Notes, Third Party Advisory () https://github.com/vscode-restructuredtext/vscode-restructuredtext/releases/tag/147.0.0 - Release Notes, Third Party Advisory
References () https://vuln.ryotak.me/advisories/37 - Third Party Advisory () https://vuln.ryotak.me/advisories/37 - Third Party Advisory

Information

Published : 2021-04-20 13:15

Updated : 2024-11-21 06:00


NVD link : CVE-2021-28793

Mitre link : CVE-2021-28793

CVE.ORG link : CVE-2021-28793


JSON object : View

Products Affected

lextudio

  • restructuredtext
CWE
CWE-863

Incorrect Authorization