cvedb.io
CVE-2022-35975
CRITICAL · CVSS 9
EPSS exploitation probability: 0%
Published 2022-08-18T18:15:08.250 · Last modified 2026-06-17T04:52:38.153

Summary

The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that are shared amongst other users are affected by this issue. The only safe mitigation is to update to the latest version of the extension.

Affected products

weave — gitops_tools

Does this affect you?

Add your gear to cvedb and we'll alert you only when weave ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.