CVE-2021-28789 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-28789

CWE

https://cwe.mitre.org/data/definitions/.html

The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.

Affected Software

Name	Vendor	Start Version	End Version
Apple-swift-format	Apple-swift-format_project	*	1.1.2 (excluding)

References

https://github.com/vknabel/vscode-apple-swift-format/releases/tag/1.1.2
https://vuln.ryotak.me/advisories/11