CVE-2021-21420 HIGH

CVE-2021-21420: Vulnerability in Stripe for Visual Studio Code < 1.7.3

Vendor: Stripe
Product: vscode-stripe
Weakness: CWE-74
Published: April 1, 2021
Last update: August 3, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High
Availability: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

vscode-stripe is an extension for Visual Studio Code. A vulnerability exists in the Stripe for Visual Studio Code extension when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.

Key dates

02 Disclosure timeline

April 1, 2021: CVE published
August 3, 2024: Record updated