Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-28789: Release Banned some configs from workspaces · vknabel/vscode-apple-swift-format

The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.

CVE
#vulnerability#apple

Compare

Choose a tag to compare

Banned some configs from workspaces

vknabel released this

· 6 commits to master since this release

1.1.2

87a1206

Compare

Choose a tag to compare

Fixes vulnerability which allowed malicous workspaces to execute code when opened by providing. Now the vulnerable configs cannot be overrided in workspaces anymore: apple-swift-format.path.
Reported by @Ry0taK.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907