CVE-2021-22539

HIGH Year: 2021
CVSS v3 Score
7.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-73
View all →

Vulnerability Description

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above.

Related Vulnerabilities

CVE-2020-15264

HIGH
CVSS:7.8(High)

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged user...

CWE-732020

CVE-2020-1984

HIGH
CVSS:7.8(High)

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system priv...

CWE-732020

CVE-2022-34669

HIGH
CVSS:7.8(High)

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the appl...

CWE-732022

CVE-2023-5247

HIGH
CVSS:7.8(High)

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious ...

CWE-732023