The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.
References
Link | Resource |
---|---|
https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075 | Patch Third Party Advisory |
https://github.com/sveltejs/language-tools/releases | Third Party Advisory |
https://github.com/sveltejs/language-tools/releases/tag/extensions-104.8.0 | Release Notes Third Party Advisory |
https://marketplace.visualstudio.com/items?itemName=svelte.svelte-vscode | Product Third Party Advisory |
https://vuln.ryotak.me/advisories/3 | Third Party Advisory |
https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075 | Patch Third Party Advisory |
https://github.com/sveltejs/language-tools/releases | Third Party Advisory |
https://github.com/sveltejs/language-tools/releases/tag/extensions-104.8.0 | Release Notes Third Party Advisory |
https://marketplace.visualstudio.com/items?itemName=svelte.svelte-vscode | Product Third Party Advisory |
https://vuln.ryotak.me/advisories/3 | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075 - Patch, Third Party Advisory | |
References | () https://github.com/sveltejs/language-tools/releases - Third Party Advisory | |
References | () https://github.com/sveltejs/language-tools/releases/tag/extensions-104.8.0 - Release Notes, Third Party Advisory | |
References | () https://marketplace.visualstudio.com/items?itemName=svelte.svelte-vscode - Product, Third Party Advisory | |
References | () https://vuln.ryotak.me/advisories/3 - Third Party Advisory |
Information
Published : 2021-04-05 07:15
Updated : 2024-11-21 06:00
NVD link : CVE-2021-29261
Mitre link : CVE-2021-29261
CVE.ORG link : CVE-2021-29261
JSON object : View
Products Affected
svelte
- svelte
CWE