Advisory #38
TitleSimple GHC (Haskell) Integration for VSCode remote code execution via crafted workspace configuration
CVE IDCVE-2021-30502
Affected productSimple GHC (Haskell) Integration for VSCode
Affected versions- 0.2.2
Vulnerability typeCWE-284 (Improper Access Control)
DescriptionSimple GHC (Haskell) Integration for VSCode has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution.
StatusFixed in 0.2.3
RecommendationUpdate to 0.2.3 or above