Advisory #3
TitleSvelte for VS Code remote code execution via crafted workspace configuration
CVE IDCVE-2021-29261
Affected productSvelte for VS Code
Affected versions- 104.7.0
Vulnerability typeCWE-284 (Improper Access Control)
DescriptionSvelte for VS Code has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution.
StatusFixed in 104.8.0
RecommendationUpdate to version 104.8.0 or later.