The unofficial apple/swift-format extension prior to 1.1.2 for Visual Studio Code allows remote malicious users to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple-swift-format project apple-swift-format |