2 comments

[ 2.2 ms ] story [ 17.0 ms ] thread
VSCode version 1.31 in January 2019 included a security update to address this issue.

The following is a more direct link with pertinent info: https://portal.msrc.microsoft.com/en-US/security-guidance/ad...

The heart of it is: "To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal."

Thank you very much for the link and explaining this.