Description
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Unchanged
RL
O
RC
Changed
Affected products
- Microsoft / Microsoft Visual Studio 2022 version 17.1017.10.0 – 17.10.16
- Microsoft / Microsoft Visual Studio 2022 version 17.1217.12.0 – 17.12.9
- Microsoft / Microsoft Visual Studio 2022 version 17.1417.14.0 – 17.14.5
- Microsoft / Microsoft Visual Studio 2022 version 17.817.8.0 – 17.8.22