CVE-2021-28790: 
Homebrew vulnerability analysis and mitigation

The SwiftLint extension before version 1.4.5 for Visual Studio Code contained a critical security vulnerability that allowed remote attackers to execute arbitrary code. The vulnerability could be exploited by constructing a malicious workspace with a crafted swiftlint.path configuration value that would trigger code execution when the workspace was opened (Vuln DB, NVD).

The vulnerability was identified as CWE-284 (Improper Access Control) and assigned a CVSS v3.1 base score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue stemmed from insufficient validation of the swiftlint.path configuration value in workspace settings, which could be manipulated to execute arbitrary binaries (NVD, Vuln DB).

Successful exploitation of this vulnerability could allow attackers to achieve arbitrary code execution in the context of the current user when a victim opens a malicious workspace. This could potentially lead to complete compromise of the affected system, allowing attackers to execute commands, access sensitive data, or gain further system access (NVD).

The vulnerability was fixed in SwiftLint extension version 1.4.5. The fix involved banning certain configurations from workspace settings, specifically preventing the swiftlint.path configuration from being overridden in workspaces (GitHub Release).