FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-06-06 18:03:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
cbf5d976-656b-4bb6-805f-3af038e2de3e	vscode -- multiple vulnerabilities VSCode developers report: The update addresses these issues, including a fix for a security vulnerability. Scope node_module binary resolution in js-debug Elevation of Privilege Vulnerability with VS Code server for web UI Discovery 2025-02-11 Entry 2025-02-13 vscode < 1.97.1 CVE-2025-24042 https://github.com/microsoft/vscode/security/advisories/GHSA-f85p-3684-2g3j CVE-2025-24039 https://github.com/microsoft/vscode/security/advisories/GHSA-532g-4pv9-25f2
6f10b49d-07b1-4be4-8abf-edf880b16ad2	vscode -- security feature bypass vulnerability VSCode developers report: A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how VS Code handled glob patterns in the trusted domains feature. When paired with the #fetch tool in Chat, this scenario would require the attacker to convince an LLM (via prompt injection) to fetch the maliciously crafted URL but when fetched, the user would have no moment to confirm the flighting of the request. Discovery 2025-05-13 Entry 2025-05-14 vscode < 1.100.1 CVE-2025-21264 https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264

VuXML ID

Description

cbf5d976-656b-4bb6-805f-3af038e2de3e

vscode -- multiple vulnerabilities

VSCode developers report:

The update addresses these issues, including a fix for a security vulnerability.

Scope node_module binary resolution in js-debug

Elevation of Privilege Vulnerability with VS Code server for web UI

Discovery 2025-02-11
Entry 2025-02-13
vscode

< 1.97.1

CVE-2025-24042
https://github.com/microsoft/vscode/security/advisories/GHSA-f85p-3684-2g3j
CVE-2025-24039
https://github.com/microsoft/vscode/security/advisories/GHSA-532g-4pv9-25f2

6f10b49d-07b1-4be4-8abf-edf880b16ad2

vscode -- security feature bypass vulnerability

VSCode developers report:

A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how VS Code handled glob patterns in the trusted domains feature. When paired with the #fetch tool in Chat, this scenario would require the attacker to convince an LLM (via prompt injection) to fetch the maliciously crafted URL but when fetched, the user would have no moment to confirm the flighting of the request.

Discovery 2025-05-13
Entry 2025-05-14
vscode

< 1.100.1

CVE-2025-21264
https://github.com/microsoft/vscode/security/advisories/GHSA-742r-ggwg-vqxm
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264