Advisory #27
TitleGLSL Linting for Visual Studio Code remote code execution via crafted workspace configuration
CVE IDCVE-2021-30503
VendorDaniel Toplak
Affected productGLSL Linting for Visual Studio Code
Affected versions- 1.3.0
Vulnerability typeCWE-284 (Improper Access Control)
DescriptionGLSL Linting for Visual Studio Code has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution.
StatusFixed in 1.4.0
RecommendationUpdate to 1.4.0 or above