CVE-2021-29261

Published: Apr 5, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.

Affected (1)

Products: Svelte: Svelte

Svelte

1 product

Svelte

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Svelte Svelte	Before 104.8.0

References (10)

https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/sveltejs/language-tools/releases

Source: cve@mitre.org

Third Party Advisory

https://github.com/sveltejs/language-tools/releases/tag/extensions-104.8.0

Source: cve@mitre.org

Release NotesThird Party Advisory

https://marketplace.visualstudio.com/items?itemName=svelte.svelte-vscode

Source: cve@mitre.org

ProductThird Party Advisory

https://vuln.ryotak.me/advisories/3

Source: cve@mitre.org

Third Party Advisory

https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075