CVE编号
CVE-2020-1481利用情况
暂无补丁情况
N/A披露时间
2020-07-14漏洞描述
Microsoft Visual Studio Code是美国微软(Microsoft)公司的一款开源的代码编辑器。<br /> Microsoft Visual Studio Code ESLint Extention存在远程代码执行漏洞。攻击者可利用该漏洞在当前用户的上下文中运行任意代码。如果当前用户使用管理用户权限登录,攻击者可控制受影响的系统、安装程序、查看,更改或删除数据、创建具有完全用户权限的新帐户。解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1481
参考链接 |
|
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1481 | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1481 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | microsoft | visual_studio_code_eslint_extension | * |
Up to (excluding) 2.1.7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alibaba_cloud_linux_2.1903 | mariadb | * |
Up to (excluding) 10.3.27-3.1.al8 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.10 | mariadb | * |
Up to (excluding) 10.3.27-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.11 | mariadb | * |
Up to (excluding) 10.4.17-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | mariadb | * |
Up to (excluding) 10.4.17-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | mariadb | * |
Up to (excluding) 10.5.8-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | mariadb | * |
Up to (excluding) 10.5.8-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | centos_8 | mariadb | * |
Up to (excluding) 8.0.26-1.module+el8.4.0+12359+b8928c02 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | mariadb | * |
Up to (excluding) 1:10.3.27-0+deb10u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | mariadb | * |
Up to (excluding) 10.3.24-2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | mariadb | * |
Up to (excluding) 10.1.48-0+deb9u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | mariadb | * |
Up to (excluding) 10.3.24-2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31 | mariadb | * |
Up to (excluding) 25.3.31-1.fc31 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31_Modular | mariadb | * |
Up to (excluding) 10.4-3120201105044233.f636be4b |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_32 | mariadb | * |
Up to (excluding) 26.4.6-1.fc32 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_32_Modular | mariadb | * |
Up to (excluding) 10.4-3220201105044233.43bbeeef |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_33 | mariadb | * |
Up to (excluding) 26.4.6-1.fc33 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_33_Modular | mariadb | * |
Up to (excluding) 10.4-3320201112123346.601d93de |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.1 | mariadb | * |
Up to (excluding) 10.2.36-lp151.2.18.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | mariadb | * |
Up to (excluding) 3.1.11-lp152.4.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_8 | mariadb | * |
Up to (excluding) 10.3.27-3.module+el8.3.0+7885+7a81225f |
|||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_8 | mariadb | * |
Up to (excluding) 8.0.26-1.module+el8.4.0+12359+b8928c02 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | mariadb | * |
Up to (excluding) 10.2.36-3.33.1 |
|||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 需要
- 可用性 高
- 保密性 高
- 完整性 高
还没有评论,来说两句吧...