Advisory #3
| Title | Svelte for VS Code remote code execution via crafted workspace configuration |
| CVE ID | CVE-2021-29261 |
| Vendor | Svelte |
| Affected product | Svelte for VS Code |
| Affected versions | - 104.7.0 |
| Vulnerability type | CWE-284 (Improper Access Control) |
| Description | Svelte for VS Code has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution. |
| Status | Fixed in 104.8.0 |
| Recommendation | Update to version 104.8.0 or later. |