CVE-2021-21420

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21420

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21420.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-21420

Related

GHSA-j6x4-4622-8vv3

Published

2021-04-01T22:15:11Z

Modified

2025-01-08T03:22:45.739756Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.

References

https://github.com/stripe/vscode-stripe/security/advisories/GHSA-j6x4-4622-8vv3

Affected packages

Git / github.com/stripe/vscode-stripe

Affected ranges

Type: GIT
Repo: https://github.com/stripe/vscode-stripe
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

57cd8de6ea40546b26d30b0905850e82b7c35b49

Affected versions

v1.*

v1.7.0