Vulnerabilities > CVE-2021-29261 - Unspecified vulnerability in Svelte
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
svelte
Summary
The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://github.com/sveltejs/language-tools/commit/5d7bf1fd98bfe2cd2080863a3c95ce099b898075
- https://github.com/sveltejs/language-tools/releases
- https://github.com/sveltejs/language-tools/releases/tag/extensions-104.8.0
- https://marketplace.visualstudio.com/items?itemName=svelte.svelte-vscode
- https://vuln.ryotak.me/advisories/3