Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3474 | 1 Google | 1 Bazel | 2022-10-28 | N/A | 4.3 MEDIUM |
A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3. | |||||
CVE-2021-22539 | 1 Google | 1 Bazel | 2022-10-25 | 6.8 MEDIUM | 7.8 HIGH |
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above. |