CVE-2021-28789: Release Banned some configs from workspaces · vknabel/vscode-apple-swift-format
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.
Banned some configs from workspaces
vknabel released this
· 6 commits to master since this release
1.1.2
87a1206
Fixes vulnerability which allowed malicious workspaces to execute code when opened by providing. Now the vulnerable configs cannot be overridden in workspaces anymore: apple-swift-format.path.
Reported by @Ry0taK.
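
One way an extension can enforce the restriction described above, shown as an added example that is not the extension's own code: a setting that names the program to run is resolved only from the user's own settings or the default, and any value supplied by the opened workspace is recorded and ignored. `readSetting`, `EXECUTABLE_KEYS`, `sampleConfig` and the `exampleOption` key are names assumed for illustration; `inspect()` follows VS Code's `WorkspaceConfiguration.inspect`, which reports a setting's value per scope.

```javascript
// Keys under "apple-swift-format" whose value becomes the program to run.
const EXECUTABLE_KEYS = new Set(["path"]);

// `config` is any object offering VS Code's WorkspaceConfiguration.inspect(key).
// In an extension this would be vscode.workspace.getConfiguration("apple-swift-format").
function readSetting(config, key) {
  const seen = config.inspect(key) || {};
  if (!EXECUTABLE_KEYS.has(key)) {
    // Ordinary settings keep the usual precedence: folder, workspace, user, default.
    const value = seen.workspaceFolderValue ?? seen.workspaceValue ??
                  seen.globalValue ?? seen.defaultValue;
    return { value, ignored: [] };
  }
  // Executable settings: only the user's own value or the default counts.
  // Values shipped inside the opened folder are reported, never used.
  const ignored = ["workspaceValue", "workspaceFolderValue"]
    .filter((scope) => seen[scope] !== undefined)
    .map((scope) => ({ scope, value: seen[scope] }));
  return { value: seen.globalValue ?? seen.defaultValue, ignored };
}

// Constructed stand-in for the extension's configuration object.
// All values below are made up for this example.
const sampleConfig = {
  values: {
    path: {
      defaultValue: "swift-format",
      globalValue: "/usr/local/bin/swift-format",
      workspaceValue: "./constructed/from-workspace",
    },
    // Hypothetical non-executable setting, still overridable per workspace.
    exampleOption: { defaultValue: "a", workspaceValue: "b" },
  },
  inspect(key) {
    return this.values[key];
  },
};

// The workspace value for "path" is listed under `ignored`, not returned.
console.log(JSON.stringify(readSetting(sampleConfig, "path")));
console.log(JSON.stringify(readSetting(sampleConfig, "exampleOption")));
```

The `ignored` list gives the extension something to log or surface to the user when an opened folder tries to set the executable path.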