Advisory #8
| Title | vscode-rufo remote code execution via crafted workspace configuration |
| CVE ID | CVE-2021-29658 |
| Vendor | jnbt |
| Affected product | vscode-rufo |
| Affected versions | - 0.0.3 |
| Vulnerability type | CWE-284 (Improper Access Control) |
| Description | vscode-rufo has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution. |
| Status | Fixed in 0.0.4 |
| Recommendation | Update to version 0.0.4 or later. |