Advisory #25
Title: VSCode PHP Mess Detector remote code execution via crafted workspace configuration
CVE ID: CVE-2021-30124
Vendor: Sandhjé Bouw
Affected product: vscode-phpmd
Affected versions: - 1.2.0
Vulnerability type: CWE-284 (Improper Access Control)
Description: VSCode PHP Mess Detector has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads to remote code execution.
Status: Fixed in 1.3.0
Recommendation: Update to 1.3.0 or above.