Advisory #38
| Title | Simple GHC (Haskell) Integration for VSCode remote code execution via crafted workspace configuration |
| CVE ID | CVE-2021-30502 |
| Vendor | dramforever |
| Affected product | Simple GHC (Haskell) Integration for VSCode |
| Affected versions | - 0.2.2 |
| Vulnerability type | CWE-284 (Improper Access Control) |
| Description | Simple GHC (Haskell) Integration for VSCode has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution. |
| Status | Fixed in 0.2.3 |
| Recommendation | Update to 0.2.3 or above |