CVE-2021-21420
HIGH
Stripe for Visual Studio Code < 1.7.3 - Remote Code Execution via Malicious Repository Settings
Title source: llm
Description
vscode-stripe is an extension for Visual Studio Code. A vulnerability exists in the Stripe for Visual Studio Code extension when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.
References (1)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/stripe/vscode-stripe/security/advisories/GHSA-j6x4-4622-8vv3
Scores
CVSS v3
7.5
EPSS
0.0056
EPSS Percentile
42.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (1)
stripe/stripe
< 1.7.3
Published
Apr 01, 2021
Tracked Since
Feb 18, 2026