QwikSec

Security Database

CVE

CWE

Training

CVE-2024-9145

Published: Oct 1, 2024

Modified: Nov 21, 2024

PUBLISHED

Description

Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder" within Visual Studio Code, and initiates a manual scan of the file.

Vendor	Product	Versions
Wiz	Wiz Code Visual Studio Code extension	affected `1.0.0 - <= 1.5.3` affected `0.13.0 - <= 0.17.8`

Weaknesses (CWE)

References

https://www.wiz.io/security-advisories

https://marketplace.visualstudio.com/items/WizCloud.wizcli-vscode/changelog

https://marketplace.visualstudio.com/items/WizCloud.wiz-vscode/changelog

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.