Advisory #36 - RyotaK's Vuln DB

Advisory #36

Title	RPM Specfile support in VSCode remote code execution via crafted workspace configuration
CVE ID	CVE-2021-31414
Vendor	Laurent Tréguier
Affected product	RPM Specfile support in VSCode
Affected versions	- 0.3.1
Vulnerability type	CWE-284 (Improper Access Control)
Description	RPM Specfile support in VSCode has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution.
Status	Fixed in 0.3.2
Recommendation	Update to 0.3.2 or above.