CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-28956

The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://github.com/glen-84/vscode-sass-lint/compare/v1.0.6...v1.0.7
https://github.com/glen-84/vscode-sass-lint/releases
https://marketplace.visualstudio.com/items/glen-84.sass-lint/changelog
https://vuln.ryotak.me/advisories/1
https://github.com/glen-84/vscode-sass-lint/compare/v1.0.6...v1.0.7
https://github.com/glen-84/vscode-sass-lint/releases
https://marketplace.visualstudio.com/items/glen-84.sass-lint/changelog
https://vuln.ryotak.me/advisories/1

Products affected by CVE-2021-28956

Sass Lint Project » Sass Lint » Version: Any

cpe:2.3:a:sass_lint_project:sass_lint:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-28956

Products

Pricing

Contact Us