XMLLanguageService.java in XML Language Server (aka lsp4xml) prior to 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) prior to 0.9.1 for Visual Studio and other products, allows a remote malicious user to write to arbitrary files via Directory Traversal.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xml language server project xml server project |
||
eclipse wild web developer - |
||
theia xml extension project theia xml extension - |