CVE-2021-21420
Last modified
CVE-2021-21420 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. EPSS estimates a 0.56% chance of exploitation in the next 30 days.
Description
vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Stripe | Stripe | < 1.7.3 |
References
- https://github.com/stripe/vscode-stripe/security/advisories/GHSA-j6x4-4622-8vv3Third Party Advisory
- https://github.com/stripe/vscode-stripe/security/advisories/GHSA-j6x4-4622-8vv3Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-21420?
How severe is CVE-2021-21420?
How do I fix CVE-2021-21420?
Are you affected by CVE-2021-21420?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST