A remote code execution vulnerability exists in VS Code 1.71 and earlier versions when opening malicious notebooks. These notebooks could use command URIs to execute arbitrary commands, including potentially dangerous commands.
Patches
The fix is available starting with VS Code 1.71.1. The fix mitigates this attack by performing input validation on the URL pointing to the repository to be cloned.
Workarounds
Do not open notebooks from untrusted sources.
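One way to triage a notebook from an untrusted source before opening it, as an added example that is not part of the original advisory or of VS Code: it parses the `.ipynb` JSON and lists every `command:` URI found in cell sources and outputs. The function names, the regular expression and the sample notebook are assumptions made for illustration; the advisory does not say which notebook fields carried the URIs, so both are checked.

```python
import html
import json
import re

# VS Code command URIs look like command:<id> or command:<id>?<encoded args>.
# Requiring an identifier right after the colon skips prose like "the command: ls".
COMMAND_URI = re.compile(r"command:[A-Za-z_][\w.\-]*(?:\?[^\s\"'<>)\]]*)?", re.I)

# Constructed sample notebook (nbformat 4); the command ids are placeholders.
SAMPLE = json.dumps({
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "metadata": {},
         "source": ["# Report\n", "[details](command:example.placeholder?%5B1%5D)\n"]},
        {"cell_type": "code", "metadata": {}, "execution_count": 1,
         "source": "print('hello')",
         "outputs": [{"output_type": "display_data", "metadata": {},
                      "data": {"text/html": "<a href=\"command&#58;example.other\">x</a>"}}]},
        {"cell_type": "markdown", "metadata": {}, "source": "Run the command: make test"},
    ],
})


def _texts(value):
    """Yield text blobs from a JSON value; lists of line fragments are joined."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, list):
        if value and all(isinstance(v, str) for v in value):
            yield "".join(value)
        else:
            for item in value:
                yield from _texts(item)
    elif isinstance(value, dict):
        for item in value.values():
            yield from _texts(item)


def find_command_uris(notebook_json):
    """Return (cell_index, field, uri) for each command URI in the notebook."""
    hits = []
    for index, cell in enumerate(json.loads(notebook_json).get("cells", [])):
        for field in ("source", "outputs"):
            for text in _texts(cell.get(field, "")):
                # Decode HTML entities so "command&#58;" is not missed.
                for match in COMMAND_URI.finditer(html.unescape(text)):
                    hits.append((index, field, match.group(0)))
    return hits
```

An empty result is not proof that a notebook is safe; the check only recognizes plain and HTML-entity-encoded forms of the scheme.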
References