CVE-2021-27083
published 2021-03-11CVE-2021-27083: Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
PriorityP356high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
63.45%
99.1th percentile
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_studio_code_remote_containers_extension | >= 1.0.0 < 1.5.4 | 1.5.4 |
| msrc | visual_studio_code_remote_containers_extension | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
vendor_msrc·2021-03-09·CVSS 7.8
CVE-2021-27083 [HIGH] Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code: Visual Studio Code
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Remediation: Release Notes
Reference: https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers
GHSA
GHSA-3hf8-77g6-rmgm: Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-27083 [HIGH] GHSA-3hf8-77g6-rmgm: Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-03-11
Published