Vulnerability Description
An attacker can place a crafted JSON config file into the project folder that points to a custom executable. vscode-bazel allows the path of the executable used to lint *.bzl files in the workspace to be set via this config file, so the attacker can run arbitrary executables on the system through vscode-bazel simply by having the victim open the project. We recommend upgrading to version 0.4.1 or above.
CVSS Score
8.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google | Bazel | >= 0.1.0, < 0.4.1 |
Related Weaknesses (CWE)
References
- https://github.com/bazelbuild/vscode-bazel-ghsa-2rcw-j8x4-hgcv/pull/1 (Broken Link)
- https://github.com/bazelbuild/vscode-bazel/security/advisories/GHSA-2rcw-j8x4-hg (Third Party Advisory)
FAQ
What is CVE-2021-22539?
CVE-2021-22539 is a vulnerability with a CVSS score of 8.2 (HIGH). An attacker can place a crafted JSON config file into the project folder that points to a custom executable. vscode-bazel allows the path of the executable used to lint *.bzl files in the workspace to be set via this config file. As ...
How severe is CVE-2021-22539?
CVE-2021-22539 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22539?
Check the references section above for vendor advisories and patch information. Affected products include: Google Bazel.