Unrated severityNVD Advisory· Published Apr 1, 2021· Updated Aug 3, 2024

Vulnerability in Stripe for Visual Studio Code < 1.7.3

CVE-2021-21420

Description

vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.

Affected products

Stripe/Vscode Stripev5
Range: < 1.7.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/stripe/vscode-stripe/security/advisories/GHSA-j6x4-4622-8vv3mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000