PT-2019-14821 · Github+1 · Codeql+1

Adityasharad · Published 2019-11-25 · Updated 2021-10-28 · CVE-2019-16765

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CodeQL extension versions prior to 1.0.1

Description

The issue allows an attacker to execute arbitrary code on a user's system if the user opens a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active.

Recommendations

For versions prior to 1.0.1, upgrade to version 1.0.1 of the CodeQL extension using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, ensure the codeQL.cli.executablePath setting is only set in the per-user settings.
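
One way to carry out the check in the recommendation, as an added example that is not part of the advisory or of the CodeQL extension: it walks a directory tree and reports workspace-level settings files (.vscode/settings.json and *.code-workspace) that set codeQL.cli.executablePath. The function names, the sample tree and the path value in it are constructed for illustration.

```python
import json
import os
import re
import tempfile

SETTING = "codeQL.cli.executablePath"  # setting named in the advisory
_STRING = r'"(?:\\.|[^"\\])*"'  # JSON string literal, matched first so it is left intact
_COMMENTS = re.compile(_STRING + r"|//[^\n]*|/\*.*?\*/", re.S)
_TRAILING = re.compile(_STRING + r"|,(?=\s*[}\]])")

def _keep_strings(m):  # keep string literals; blank comments and trailing commas
    return m.group(0) if m.group(0).startswith('"') else " "

def parse_jsonc(raw):
    """Parse VS Code settings text (JSON plus comments and trailing commas)."""
    return json.loads(_TRAILING.sub(_keep_strings, _COMMENTS.sub(_keep_strings, raw)))

def find_workspace_overrides(root):
    """Return sorted (relative path, value) pairs for workspace files that set SETTING."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            folder_cfg = name == "settings.json" and os.path.basename(dirpath) == ".vscode"
            if not (folder_cfg or name.endswith(".code-workspace")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8-sig", errors="replace") as fh:
                raw = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                doc = parse_jsonc(raw)
                settings = doc if folder_cfg else doc.get("settings", {})
                if SETTING in settings:
                    hits.append((rel, settings[SETTING]))
            except (ValueError, AttributeError, TypeError):
                if SETTING in raw:  # fail closed: unparseable but mentions the key
                    hits.append((rel, None))
    return sorted(hits, key=lambda h: h[0])

def demo():  # scans a constructed sample tree (not from the advisory)
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "repo", ".vscode"))
        with open(os.path.join(root, "repo", ".vscode", "settings.json"), "w") as fh:
            fh.write('{ // workspace copy\n "' + SETTING + '": "/opt/codeql/codeql", }')
        with open(os.path.join(root, "ok.code-workspace"), "w") as fh:
            fh.write('{"folders": [{"path": "repo"}], "settings": {"editor.tabSize": 2}}')
        return find_workspace_overrides(root)

if __name__ == "__main__":
    print(demo())
```

A value of None in a result means the file could not be parsed but still mentions the setting, so it should be reviewed by hand.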

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2019-16765
GHSA-WF4X-8MPJ-R42Q

Affected Products

Codeql
Visual Studio Code