CVE-2021-28789

Name of the Vulnerable Software and Affected Versions: apple/swift-format extension for Visual Studio Code version 1.1.1 and earlier

Description: The issue allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.

Recommendations: For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the apple-swift-format.path configuration value to minimize the risk of exploitation.