Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper object validation allows for arbitrary code execution in GitOps Tools Extension for VSCode
Vulnerability Description
The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that are shared amongst other users are affected by this issue. The only safe mitigation is to update to the latest version of the extension.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Microsoft VSCode Extension 操作系统命令注入漏洞
Vulnerability Description
Microsoft VSCode Extension是美国微软(Microsoft)公司的适用于VSCode的扩展程序。 Microsoft VSCode Extension vscode-gitops-tools 0.7.0 到 0.20.2版本存在操作系统命令注入漏洞,该漏洞源于在运行 VSCode 的用户的上下文中,特制的 Flux 对象可以允许在运行扩展的机器上远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A