Description

VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration.

Related CPE's

a

vim_project

vim

*

*

*

*

*

visual_studio_code

Vulnerable

References

https://github.com/VSCodeVim/Vim/commit/939df0e7fd55a9840dbd4fb3c907315e2a5ef446

PatchThird Party Advisory

https://marketplace.visualstudio.com/items?itemName=vscodevim.vim

ProductThird Party Advisory

https://vuln.ryotak.me/advisories/9

Third Party Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-05T07:15:13.227

4 years ago

Last modified

2021-04-08T18:06:03.227

4 years ago