FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-10-23 17:04:23 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6f10b49d-07b1-4be4-8abf-edf880b16ad2	vscode -- security feature bypass vulnerability VSCode developers report: A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how VS Code handled glob patterns in the trusted domains feature. When paired with the #fetch tool in Chat, this scenario would require the attacker to convince an LLM (via prompt injection) to fetch the maliciously crafted URL but when fetched, the user would have no moment to confirm the flighting of the request. Discovery 2025-05-13 Entry 2025-05-14 vscode < 1.100.1 CVE-2025-21264 https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264

VuXML ID

Description

6f10b49d-07b1-4be4-8abf-edf880b16ad2

vscode -- security feature bypass vulnerability

VSCode developers report:

A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how VS Code handled glob patterns in the trusted domains feature. When paired with the #fetch tool in Chat, this scenario would require the attacker to convince an LLM (via prompt injection) to fetch the maliciously crafted URL but when fetched, the user would have no moment to confirm the flighting of the request.

Discovery 2025-05-13
Entry 2025-05-14
vscode

< 1.100.1

CVE-2025-21264
https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264