Skip to content

Elevation of privilege in .NET Install Tool for Extension Authors

Moderate
sfoslund published GHSA-wx46-m3p3-whv8 Jul 13, 2021

Package

vscode-dotnet-runtime (Visual Studio Marketplace)

Affected versions

-1.1.0

Patched versions

1.2.0-

Description

Impact

Due to inaccurately scoped permissions being set on downloaded .NET install scripts, users are vulnerable to an elevation of privileges attack.

Patches

This problem has been patched in version 1.2.0.

Resources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34477

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2021-34477

Weaknesses

No CWEs