Vulnerability CVE-2021-21420


Published: 2021-04-01   Modified: 2021-04-02

Description:
vscode-stripe is an extension for Visual Studio Code. A vulnerability exists in the Stripe for Visual Studio Code extension when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.

Type:

CWE-74

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Stripe -> Stripe 

 References:
https://github.com/stripe/vscode-stripe/security/advisories/GHSA-j6x4-4622-8vv3

Copyright 2024, cxsecurity.com

 
