Linux Remote Code Execution Vulnerability Affects Microsoft Visual Studio Code
CVE-2024-43601

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Visual Studio Code
Vendor: CVE Published:; 8 October 2024

Summary

A remote code execution vulnerability has been identified in Visual Studio Code for Linux. This issue allows an attacker to execute arbitrary code on the affected system through malicious input processed by the application. Users are advised to update to the latest version to mitigate potential exploitation of this vulnerability. Security measures should also be implemented to restrict untrusted code execution, particularly for development environments.

Affected Version(s)

Visual Studio Code Unknown 1.0.0 < 1.94.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Aug 14, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed