CVE-2021-27084
published 2021-03-11CVE-2021-27084: Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
PriorityP356high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
61.36%
99.1th percentile
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_studio_code_java_extension_pack | >= 0.5.0 < publication | publication |
| msrc | visual_studio_code_java_extension_pack | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cqr6-rvq6-jg2c: Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-27084 [HIGH] GHSA-cqr6-rvq6-jg2c: Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Microsoft
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
vendor_msrc·2021-03-09·CVSS 7.8
CVE-2021-27084 [HIGH] Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual Studio Code: Visual Studio Code
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Remediation: Release Notes
Reference: http://marketplace.visualstudio.com/items?itemName=vscjava.vscode-maven
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-03-11
Published