CVE-2021-28793

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-28793

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28793.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-28793

Published

2021-04-20T13:15:12.493Z

Modified

2026-03-15T22:40:09.515337Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.

References

Affected packages

Git / github.com/vscode-restructuredtext/vscode-restructuredtext

Affected ranges

Type

GIT

Repo

https://github.com/vscode-restructuredtext/vscode-restructuredtext

Events

Introduced

Fixed

b1eaaaf7053cce8975c4d1c5da8aee40fd009b95

Fixed

1dd3e878a5559e3dfe0e48f145c90418b208c5af

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "147.0.0"
        }
    ]
}

Affected versions

0.*

0.0.1

0.0.10

0.0.11

0.0.12

0.0.13

0.0.14

0.0.15

0.0.16

0.0.17

0.0.18

0.0.19

0.0.2

0.0.20

0.0.21

0.0.22

0.0.23

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

100.*

100.0.0

101.*

101.0.0

102.*

102.0.0

103.*

103.0.0

104.*

104.0.0

105.*

105.0.0

106.*

106.0.0

107.*

107.0.0

108.*

108.0.0

109.*

109.0.0

110.*

110.0.0

111.*

111.0.0

112.*

112.0.0

113.*

113.0.0

114.*

114.0.0

115.*

115.0.0

116.*

116.0.0

117.*

117.0.0

118.*

118.0.0

119.*

119.0.0

120.*

120.0.0

121.*

121.0.0

122.*

122.0.0

123.*

123.0.0

124.*

124.0.0

125.*

125.0.0

126.*

126.0.0

127.*

127.0.0

128.*

128.0.0

129.*

129.0.0

130.*

130.0.0

131.*

131.0.0

132.*

132.0.0

133.*

133.0.0

134.*

134.0.0

135.*

135.0.0

136.*

136.0.0

137.*

137.0.0

138.*

138.0.0

139.*

139.0.0

140.*

140.0.0

141.*

141.0.0

142.*

142.0.0

143.*

143.0.0

144.*

144.0.0

145.*

145.0.0

146.*

146.0.0

24.*

24.0

25.*

25.0

26.*

26.0

27.*

27.0.0

28.*

28.0.0

29.*

29.0.0

30.*

30.0.0

31.*

31.0.0

32.*

32.0.0

33.*

33.0.0

34.*

34.0.0

35.*

35.0.0

36.*

36.0.0

37.*

37.0.0

38.*

38.0.0

39.*

39.0.0

40.*

40.0.0

41.*

41.0.0

42.*

42.0.0

43.*

43.0.0

44.*

44.0.0

45.*

45.0.0

46.*

46.0.0

47.*

47.0.0

48.*

48.0.0

49.*

49.0.0

50.*

50.0.0

51.*

51.0.0

52.*

52.0.0

53.*

53.0.0

54.*

54.0.0

55.*

55.0.0

56.*

56.0.0

57.*

57.0.0

58.*

58.0.0

59.*

59.0.0

60.*

60.0.0

61.*

61.0.0

62.*

62.0.0

63.*

63.0.0

64.*

64.0.0

65.*

65.0.0

67.*

67.0.0

68.*

68.0.0

69.*

69.0.0

70.*

70.0.0

71.*

71.0.0

72.*

72.0.0

73.*

73.0.0

74.*

74.0.0

75.*

75.0.0

76.*

76.0.0

77.*

77.0.0

78.*

78.0.0

79.*

79.0.0

80.*

80.0.0

81.*

81.0.0

82.*

82.0.0

83.*

83.0.0

84.*

84.0.0

85.*

85.0.0

86.*

86.0.0

87.*

87.0.0

88.*

88.0.0

89.*

89.0.0

90.*

90.0.0

91.*

91.0.0

92.*

92.0.0

93.*

93.0.0

94.*

94.0.0

95.*

95.0.0

96.*

96.0.0

97.*

97.0.0

98.*

98.0.0

99.*

99.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28793.json"