CVE-2024-9145 in Code Visual Studio Code Extensioninformation

Résumé

par MITRE • 01/10/2024

Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder" within Visual Studio Code, and initiates a manual scan of the file.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

Wiz

Réserver

24/09/2024

Divulgation

01/10/2024

Modérer

accepté

Entrée

VDB-278956

CPE

prêt

EPSS

0.00768

KEV

non

Activités

très faible

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!