Advisory #11
Title: apple/swift-format for VS Code remote code execution via crafted workspace configuration
CVE ID: CVE-2021-28789
Vendor: Valentin Knabel
Affected product: apple/swift-format for VS Code
Affected versions: - 1.1.1
Vulnerability type: CWE-284 (Improper Access Control)
Description: apple/swift-format for VS Code has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads to remote code execution.
Status: Fixed in 1.1.2
Recommendation: Update to 1.1.2 or above