CVE-2024-9145
Published: 01 October 2024
Summary
CVE-2024-9145 is a high-severity Command Injection (CWE-77) vulnerability in Visualstudio (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, it is ranked in the top 36.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50278
Vulnerability details
Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked as a "trusted folder" within Visual Studio Code, and initiates a manual scan of the file.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.