CVE-2021-30503

moderate-risk
Published 2021-04-13

The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration.

Do I need to act?

~
3.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: da03700894d9ec85d7b957ef0d7de07660c660dc, 3effba525bdff7d4257e66a6815ff956d2bce8ac
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Glsl Linting

Affected Vendors

Glsl Linting Project

References (6)

Patch https://github.com/hsimpson/vscode-glsllint/commit/3effba525bdff7d4257e66a6815ff...
Release Notes https://marketplace.visualstudio.com/items/CADENAS.vscode-glsllint/changelog#:~:...
Third Party Advisory https://vuln.ryotak.me/advisories/27
Patch https://github.com/hsimpson/vscode-glsllint/commit/3effba525bdff7d4257e66a6815ff...
Release Notes https://marketplace.visualstudio.com/items/CADENAS.vscode-glsllint/changelog#:~:...
Third Party Advisory https://vuln.ryotak.me/advisories/27
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal