Advisory #16
Title | C/C++ Advanced Lint for VS Code remote code execution via crafted workspace configuration |
CVE ID | CVE-2021-28953 |
Vendor | Joseph Benden |
Affected product | C/C++ Advanced Lint for VS Code |
Affected versions | - v1.8.2 |
Vulnerability type | CWE-284 (Improper Access Control) |
Description | C/C++ Advanced Lint for VS Code has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution. |
Status | Fixed in v1.9.0 |
Recommendation | Update to v1.9.0 or above |