Remote Code Execution Vulnerability Discovered in Visual Studio Code (coocoor.com) 14 points by robin0 7y ago ↗ HN
[–] lioeters 7y ago ↗ VSCode version 1.31 in January 2019 included a security update to address this issue.The following is a more direct link with pertinent info: https://portal.msrc.microsoft.com/en-US/security-guidance/ad...The heart of it is: "To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal." [–] robin0 7y ago ↗ Thank you very much for the link and explaining this.
2 comments
[ 2.2 ms ] story [ 17.0 ms ] threadThe following is a more direct link with pertinent info: https://portal.msrc.microsoft.com/en-US/security-guidance/ad...
The heart of it is: "To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal."