Apple · Apple/Swift-Format Extension For Visual Studio Code · CVE-2021-28789
Name of the Vulnerable Software and Affected Versions:
apple/swift-format extension for Visual Studio Code version 1.1.1 and earlier
Description:
The issue allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted `apple-swift-format.path` configuration value that triggers execution upon opening the workspace.
Recommendations:
For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `apple-swift-format.path` configuration value to minimize the risk of exploitation.