Advisory #12
TitleSwiftLint for VS Code remote code execution via crafted workspace configuration
CVE IDCVE-2021-28790
VendorValentin Knabel
Affected productSwiftLint for VS Code
Affected versions- 1.4.4
Vulnerability typeCWE-284 (Improper Access Control)
DescriptionSwiftLint for VS Code has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution.
StatusFixed in 1.4.5
RecommendationUpdate to 1.4.5 or above