High severityNVD Advisory· Published Oct 1, 2024· Updated Apr 15, 2026
CVE-2024-9145
CVE-2024-9145
Description
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder" within Visual Studio Code, and initiates a manual scan of the file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=0.13.0,<=0.17.8
- Range: 1.0.0 <= version < 1.5.3
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.