Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
CVE-2023-36867

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Visual Studio Code - Github Pull Requests And Issues Extension
Vendor: CVE Published:; 11 July 2023

What is CVE-2023-36867?

A vulnerability in the Visual Studio Code GitHub Pull Requests and Issues Extension allows attackers to execute arbitrary code on the user's system, potentially compromising the integrity of the development environment. This security flaw can be exploited if users install malicious code via the affected extension, leading to unauthorized access and data breaches. Users are strongly advised to monitor updates and apply security patches from Microsoft as necessary.

Affected Version(s)

Visual Studio Code - GitHub Pull Requests and Issues Extension Unknown 0.1.1 < 0.66.2

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jun 27, 2023