CVE-2021-28791

Name of the Vulnerable Software and Affected Versions: SwiftFormat extension for Visual Studio Code versions prior to 1.3.7

Description: The issue allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace. This can be achieved by exploiting the vulnerability in the SwiftFormat extension for Visual Studio Code.

Recommendations: For versions prior to 1.3.7, update to version 1.3.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the swiftformat.path configuration value to minimize the risk of exploitation.