Advisory #11 - RyotaK's Vuln DB

Advisory #11

Title	apple/swift-format for VS Code remote code execution via crafted workspace configuration
CVE ID	CVE-2021-28789
Vendor	Valentin Knabel
Affected product	apple/swift-format for VS Code
Affected versions	- 1.1.1
Vulnerability type	CWE-284 (Improper Access Control)
Description	apple/swift-format for VS Code has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution.
Status	Fixed in 1.1.2
Recommendation	Update to 1.1.2 or above