CVE Daily โ€“ Bazel (High+Critical) https://cvedaily.com/pages/tags/bazel.html CVE Daily โ€“ Bazel (High+Critical) en Wed, 03 Jun 2026 21:27:08 +0000 [High] CVE-2021-22539 โ€“ An attacker can place a crafted JSON config file into the project folder pointin... https://nvd.nist.gov/vuln/detail/CVE-2021-22539 https://nvd.nist.gov/vuln/detail/CVE-2021-22539 Fri, 16 Apr 2021 11:15:12 +0000 High CVE-2021-22539

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above.

CVSS: 8.2 ยท CWE: CWE-73

View on NVD

]]>