CVE-2021-31414
CRITICALvscode-rpm-spec < 0.3.2 - Remote Code Execution via Workspace Configuration
Title source: llmDescription
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://vuln.ryotak.me/advisories/36
Patch, Third Party Advisory x_refsource_misc
https://github.com/LaurentTreguier/vscode-rpm-spec/commit/e19fb8e29cb48cadfd3238371e060d4ffd3384f9
Scores
CVSS v3
9.8
EPSS
0.0241
EPSS Percentile
82.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
rpm_spec_project/rpm_spec
< 0.3.2
Published
Apr 16, 2021
Tracked Since
Feb 18, 2026