Yue Liu

**Name of the Vulnerable Software and Affected Versions** Spring CLI VSCode extension versions through 0.9.0 **Description** The VSCode extension for Spring CLI is susceptible to a command injection flaw. This allows an attacker to execute arbitrary commands locally if a user is tricked into triggering a vulnerable workflow. The extension is end-of-life and there is no patch available. The issue can lead to command execution on the user's machine. **Recommendations** Remove the Spring CLI VSCode extension and migrate to supported Spring tooling.

**Name of the Vulnerable Software and Affected Versions** Dell Digital Delivery versions prior to 5.2.0.0 **Description** The issue is a Use After Free Vulnerability that could be exploited by a local low privileged attacker, potentially leading to application crash or execution of arbitrary code. **Recommendations** For versions prior to 5.2.0.0, update to version 5.2.0.0 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell Digital Delivery versions prior to 5.2.0.0 **Description** A local low privileged attacker could potentially exploit a Buffer Overflow issue, leading to arbitrary code execution and/or privilege escalation. **Recommendations** For versions prior to 5.2.0.0, update to version 5.2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable component until a patch is applied.