CVE-2024-9145

HIGH Year: 2024
Weakness Type
CWE-77
View all →

Vulnerability Description

Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder" within Visual Studio Code, and initiates a manual scan of the file.

Related Vulnerabilities

CVE-2024-51736

NONE
CVSS:0.0(None)

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it...

CWE-772024

CVE-2015-7541

CRITICAL
CVSS:10.0(Critical)

The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metachara...

CWE-772015

CVE-2017-7722

CRITICAL
CVSS:10.0(Critical)

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploitin...

CWE-772017

CVE-2017-7876

CRITICAL
CVSS:10.0(Critical)

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 bui...

CWE-772017

CVE-2018-16462

CRITICAL
CVSS:10.0(Critical)

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.

CWE-772018

CVE-2020-27227

CRITICAL
CVSS:10.0(Critical)

An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request...

CWE-772020