Advisory #25
| Title | VSCode PHP Mess Detector remote code execution via crafted workspace configuration |
| CVE ID | CVE-2021-30124 |
| Vendor | Sandhjé Bouw |
| Affected product | vscode-phpmd |
| Affected versions | - 1.2.0 |
| Vulnerability type | CWE-284 (Improper Access Control) |
| Description | VSCode PHP Mess Detector has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution. |
| Status | Fixed in 1.3.0 |
| Recommendation | Update to 1.3.0 or above. |