Advisory #1
| Title | vscode-sass-lint (aka Sass Lint) remote code execution via crafted workspace configuration |
| CVE ID | CVE-2021-28956 |
| Vendor | Glen |
| Affected product | vscode-sass-lint |
| Affected versions | - 1.0.7 |
| Vulnerability type | CWE-284 (Improper Access Control) |
| Description | vscode-sass-lint has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution. |
| Status | No fix available |
| Recommendation | Use vscode-stylelint as recommended by the vendor. |