Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: vscode-extensions.visualstudioexptteam.vscodeintellicode

Found 2 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-6384
created 6 months ago
Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

References

Affected products

Studio
  • <4.3.0

Matching in nixpkgs

Package maintainers

Permalink CVE-2023-26020
5.7 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.

References

Affected products

Studio
  • =<4.0.1
  • =<3.1.26

Matching in nixpkgs

Package maintainers