
Remote Code Execution Vulnerability Discovered in Visual Studio Code - robin0
https://coocoor.com/advisory/cve/CVE-2019-0728
======
lioeters
VSCode version 1.31 in January 2019 included a security update to address this
issue.

The following is a more direct link with pertinent info:
[https://portal.msrc.microsoft.com/en-US/security-
guidance/ad...](https://portal.msrc.microsoft.com/en-US/security-
guidance/advisory/CVE-2019-0728)

The heart of it is: "To exploit this vulnerability, an attacker would need to
convince a target to clone a repository and open it in Visual Studio Code.
Attacker-specified code would execute when the target opened the integrated
terminal."

~~~
robin0
Thank you very much for the link and explaining this.

