Advisory #9
| Title | VSCodeVim remote code execution via crafted workspace configuration |
| CVE ID | CVE-2021-28832 |
| Vendor | VSCodeVim |
| Affected product | VSCodeVim |
| Affected versions | - 1.18.9 |
| Vulnerability type | CWE-284 (Improper Access Control) |
| Description | VSCodeVim has a vulnerability that allows a crafted workspace folder to execute arbitrary binaries, which leads remote code execution. |
| Status | Fixed in 1.19.0 |
| Recommendation | Update to version 1.19.0 or above |