Advisory #10
| Title | ShellCheck for Visual Studio Code remote code execution via crafted workspace configuration |
| CVE ID | CVE-2021-28794 |
| Vendor | Timon Wong |
| Affected product | ShellCheck for Visual Studio Code |
| Affected versions | - v0.13.3 |
| Vulnerability type | CWE-284 (Improper Access Control) |
| Description | ShellCheck for Visual Studio Code has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution. |
| Status | Fixed in v0.13.4 |
| Recommendation | Update to v0.13.4 or above |