Visual Studio Code for Linux Remote Code Execution Vulnerability

High
bpasero published GHSA-g56j-w527-8x6f Oct 8, 2024

Package

No package listed

Affected versions

<1.94.0

Patched versions

1.94.1

Description

A remote code execution vulnerability exists in the elevated save flow of VS Code 1.94.0 and earlier versions.

Patches

The fix is available starting with VS Code 1.94.1. The fix (28000df) mitigates this attack by only allowing elevated save in trusted workspaces and hardening how arguments are passed around.

Workarounds

A way to avoid the vulnerability without updating is to not use the elevated save flow.

Severity

High

CVE ID

CVE-2024-43601

Weaknesses

No CWEs