CVE-2021-21420 — HIGH (7.5)

Q: How severe is CVE-2021-21420?

CVE-2021-21420 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-21420?

Check the references section above for vendor advisories and patch information. Affected products include: Stripe Stripe.

Vulnerability Description

vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Stripe	Stripe	< 1.7.3

Related Weaknesses (CWE)

CWE-74

References

https://github.com/stripe/vscode-stripe/security/advisories/GHSA-j6x4-4622-8vv3Third Party Advisory
https://github.com/stripe/vscode-stripe/security/advisories/GHSA-j6x4-4622-8vv3Third Party Advisory

FAQ

What is CVE-2021-21420?

CVE-2021-21420 is a vulnerability with a CVSS score of 7.5 (HIGH). vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings....

How severe is CVE-2021-21420?

CVE-2021-21420 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-21420?

Check the references section above for vendor advisories and patch information. Affected products include: Stripe Stripe.