PT-2019-14821 · Github+1 · Codeql+1

Adityasharad · Published 2019-11-25 · Updated 2021-10-28 · CVE-2019-16765

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CodeQL extension versions prior to 1.0.1

Description

The issue allows an attacker to execute arbitrary code on a user's system if the user opens a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active.

Recommendations

For versions prior to 1.0.1, upgrade to version 1.0.1 of the CodeQL extension using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, ensure the codeQL.cli.executablePath setting is only set in the per-user settings.
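
One way to check the last recommendation is to scan checked-out directory trees for workspace-level settings files that set codeQL.cli.executablePath. This is an added example, not code from the advisory or the CodeQL project. It assumes workspace settings live in .vscode/settings.json or in the "settings" object of a *.code-workspace file; the demo tree and its values are constructed.

```python
import json
import os
import re
import tempfile

SETTING = "codeQL.cli.executablePath"  # setting named in the advisory
_STR = r'"(?:\\.|[^"\\])*"'            # a JSON string literal, kept intact

def strip_jsonc(text):
    """VS Code settings are JSON with comments and trailing commas; remove both."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    text = re.sub(_STR + r"|//[^\n]*|/\*.*?\*/", keep, text, flags=re.S)
    return re.sub(_STR + r"|,(?=\s*[}\]])", keep, text)

def workspace_overrides(root):
    """Return (path, value) for each workspace-level file under root that sets SETTING."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            is_ws = name.endswith(".code-workspace")
            in_vscode = os.path.basename(dirpath) == ".vscode" and name == "settings.json"
            if not (is_ws or in_vscode):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8") as fh:
                    data = json.loads(strip_jsonc(fh.read()))
            except (OSError, ValueError):
                findings.append((path, "<unparseable: review manually>"))
                continue
            # .code-workspace files nest settings under a "settings" object
            settings = data.get("settings") if is_ws and isinstance(data, dict) else data
            if isinstance(settings, dict) and SETTING in settings:
                findings.append((path, settings[SETTING]))
    return findings

def demo():
    """Scan a constructed directory tree: one workspace file sets the key, one does not."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "repo", ".vscode"))
        with open(os.path.join(root, "repo", ".vscode", "settings.json"), "w") as fh:
            fh.write('{\n  // constructed sample\n  "%s": "/constructed/path/codeql",\n}\n' % SETTING)
        with open(os.path.join(root, "ok.code-workspace"), "w") as fh:
            fh.write('{"folders": [{"path": "."}], "settings": {"editor.tabSize": 2}}')
        return [(os.path.relpath(p, root).replace(os.sep, "/"), v)
                for p, v in workspace_overrides(root)]

if __name__ == "__main__":
    for path, value in demo():
        print(f"{path}: {SETTING} = {value!r}")
```

Any file reported by workspace_overrides sets the executable path from inside the workspace rather than from the per-user settings, so it should be reviewed before the folder is opened.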

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-16765
GHSA-WF4X-8MPJ-R42Q

Affected Products

Codeql
Visual Studio Code