Francesco Soncina

**Name of the Vulnerable Software and Affected Versions** Visual Studio Code (affected versions not specified) **Description** The issue is related to insufficient access control in Visual Studio Code, allowing an attacker to elevate their privileges. This is due to the exposure of a debug listener to local computer users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Git Client Plugin versions 2.8.4 and earlier Jenkins Git Client Plugin version 3.0.0-rc **Description** The issue results from improper restriction of values passed as URL arguments to an invocation of `git ls-remote`, leading to OS command injection. **Recommendations** For Jenkins Git Client Plugin versions 2.8.4 and earlier, update to a version that properly restricts values passed as URL arguments to prevent OS command injection. For Jenkins Git Client Plugin version 3.0.0-rc, update to a version that properly restricts values passed as URL arguments to prevent OS command injection.

Name of the Vulnerable Software and Affected Versions: Pony Mail (affected versions not specified) Description: A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.