The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.
References
Link | Resource |
---|---|
https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075 | Patch Third Party Advisory |
https://github.com/sveltejs/language-tools/releases | Third Party Advisory |
https://github.com/sveltejs/language-tools/releases/tag/extensions-104.8.0 | Release Notes Third Party Advisory |
https://marketplace.visualstudio.com/items?itemName=svelte.svelte-vscode | Product Third Party Advisory |
https://vuln.ryotak.me/advisories/3 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2021-04-05 07:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-29261
Mitre link : CVE-2021-29261
CVE.ORG link : CVE-2021-29261
JSON object : View
Products Affected
svelte
- svelte
CWE