New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 6.7
SynopsisThe remote host has an application installed that is missing a security update.
DescriptionAn input-validation flaw exists in Visual Studio Code Maven Extension related to processing environment variables after opening a project that allows remote code execution. An attacker can convince a user to clone a specified repository and to open it in Visual Studio Code leading to code execution.
The update addresses the vulnerability by modifying the way the Visual Studio Code Maven Extension handles environment variables.
SolutionPlease see Microsoft security advisory for patch-information