CVE-2019-16765

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-16765
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16765.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-16765
Related
  • GHSA-wf4x-8mpj-r42q
Published
2019-11-25T18:15:11.720Z
Modified
2026-03-14T22:30:45.580718Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here.

References

Affected packages

Git / github.com/github/vscode-codeql

Affected ranges

Type
GIT
Repo
https://github.com/github/vscode-codeql
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
07f96bf43ea6b0a5ff4909d379b10b269014a908
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.1"
        }
    ]
}

Affected versions

v1.*
v1.0.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16765.json"