Security
Headlines

Headlines Latest CVEs

Headline

CVE-2022-35975: Improper Object validation allows for arbitrary code execution

The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that are shared amongst other users are affected by this issue. The only safe mitigation is to update to the latest version of the extension.

2 years ago

#vulnerability #mac #git #rce

The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode.

Impact

Users using the VSCode extension to manage clusters that are shared amongst other users are affected by this issue.

Workarounds

The only safe mitigation is to update to the latest version of the extension.

Credits

This vulnerability was reported by @pjbgf.

References

CVE-2022-35975

For more information

If you have any questions or comments about this advisory:

Email us at [email protected].

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago