GitHub · CodeQL · CVE-2019-16765
**Name of the Vulnerable Software and Affected Versions**
CodeQL extension versions prior to 1.0.1
**Description**
The issue allows an attacker to execute arbitrary code on a user's system if the user opens a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active.
**Recommendations**
For versions prior to 1.0.1, upgrade to version 1.0.1 of the CodeQL extension using the Visual Studio Code Marketplace's upgrade mechanism. After upgrading, ensure the `codeQL.cli.executablePath` setting is set only in the per-user settings.
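One way to carry out the post-upgrade check, as an added example that is not part of the advisory or the CodeQL project: the script walks a directory tree and reports every workspace-level settings file that defines `codeQL.cli.executablePath`. It assumes workspace-level settings live in `.vscode/settings.json` and `*.code-workspace` files; the function names and the sample tree are constructed for illustration.

```python
import json, os, re, sys
from pathlib import Path

# Added example; the workspace-level file locations checked below are an assumption.
SETTING = "codeQL.cli.executablePath"
STRING = r'"(?:\\.|[^"\\])*"'  # a JSON string literal, kept intact while stripping

def strip_outside_strings(text, junk):
    """Delete matches of `junk` unless they sit inside a string literal."""
    return re.sub(f"({STRING})|{junk}", lambda m: m.group(1) or "", text, flags=re.S)

def parse_jsonc(text):
    """Parse JSON with // and /* */ comments and trailing commas, as VS Code accepts."""
    text = strip_outside_strings(text, r"//[^\n]*|/\*.*?\*/")
    return json.loads(strip_outside_strings(text, r",(?=\s*[}\]])"))

def find_workspace_overrides(root):
    """Return (path, value) for every workspace-level file under root that sets SETTING."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            folder_cfg = name == "settings.json" and path.parent.name == ".vscode"
            if not (folder_cfg or name.endswith(".code-workspace")):
                continue
            try:
                data = parse_jsonc(path.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                hits.append((str(path), "<unparseable, review by hand>"))
                continue
            settings = data if folder_cfg else (data.get("settings") if isinstance(data, dict) else None)
            if isinstance(settings, dict) and SETTING in settings:
                hits.append((str(path), settings[SETTING]))
    return sorted(hits)

def make_sample_tree(root):
    """Constructed sample: one folder setting the path, one benign, one .code-workspace."""
    files = {
        "repo-a/.vscode/settings.json": '{\n  // constructed sample\n  "codeQL.cli.executablePath": "./tools/codeql",\n}',
        "repo-b/.vscode/settings.json": '{ "editor.tabSize": 2, "note": "// codeQL.cli.executablePath" }',
        "multi.code-workspace": '{ "folders": [], "settings": { "codeQL.cli.executablePath": "bin/x" } }',
    }
    for rel, body in files.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_text(body, encoding="utf-8")

if __name__ == "__main__":
    for path, value in find_workspace_overrides(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {SETTING} = {value!r}")
```

Run it with the directory to inspect as the only argument; parsing the files rather than grepping avoids false hits on comments and on string values that merely mention the setting name.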