Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vulnerability in Stripe for Visual Studio Code < 1.7.3
Vulnerability Description
vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
vscode-stripe 注入漏洞
Vulnerability Description
gracegoo-stripe vscode-stripe是gracegoo-stripe开源的一个应用插件。Stripe对Visual Studio Code的扩展使生成示例代码,查看API请求日志,将事件转发到您的应用程序以及在编辑器中使用Stripe变得容易。 vscode-stripe 存在注入漏洞,攻击者可利用该漏洞可以在当前用户的上下文中运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A