Wiz · Wiz Code Visual Studio Code Extension · CVE-2024-9145
**Name of the Vulnerable Software and Affected Versions**
Wiz Code Visual Studio Code extension versions 1.0.0 through 1.5.3
Wiz (legacy) Visual Studio Code extension versions 0.13.0 through 0.17.8
**Description**
The issue allows for local command injection when a user opens a maliciously crafted Dockerfile in a "trusted folder" within Visual Studio Code and initiates a manual scan of the file.
**Recommendations**
For Wiz Code Visual Studio Code extension versions 1.0.0 through 1.5.3, update to a version outside of this range to resolve the issue.
For Wiz (legacy) Visual Studio Code extension versions 0.13.0 through 0.17.8, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider avoiding the use of manual scans on Dockerfiles from untrusted sources until a patch is available.
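To find installations that fall inside the affected ranges above, the output of `code --list-extensions --show-versions` (one `publisher.name@version` entry per line) can be checked mechanically. The following is an added example, not code from Wiz or from this advisory. The extension IDs are placeholders because the advisory does not list marketplace IDs, and the sample listing is constructed.

```python
import re

# Affected ranges from the advisory (inclusive on both ends).
# The extension IDs are PLACEHOLDERS (assumption): replace them with the IDs
# that `code --list-extensions` shows for the Wiz extensions on your hosts.
AFFECTED = {
    "PLACEHOLDER.wiz-code": ((1, 0, 0), (1, 5, 3)),
    "PLACEHOLDER.wiz-legacy": ((0, 13, 0), (0, 17, 8)),
}

LINE_RE = re.compile(r"^([\w.-]+)@(\d+)\.(\d+)\.(\d+)\s*$")


def audit(listing):
    """Return (extension_id, version, status) for each tracked extension.

    status is "affected", "ok", or "unparsed" (tracked ID with a version
    string that is not plain MAJOR.MINOR.PATCH and needs a manual look).
    """
    results = []
    for raw in listing.splitlines():
        line = raw.strip()
        ext_id, _, version = line.partition("@")
        # VS Code treats extension IDs case-insensitively.
        key = next((k for k in AFFECTED if k.lower() == ext_id.lower()), None)
        if key is None:
            continue
        m = LINE_RE.match(line)
        if not m:
            results.append((key, version, "unparsed"))
            continue
        # Compare as integer tuples so that 1.10.0 sorts above 1.5.3.
        ver = tuple(int(x) for x in m.groups()[1:])
        low, high = AFFECTED[key]
        status = "affected" if low <= ver <= high else "ok"
        results.append((key, version, status))
    return results


# Constructed sample listing (not taken from a real host).
SAMPLE = """\
ms-python.python@2024.14.1
PLACEHOLDER.wiz-code@1.5.3
placeholder.wiz-legacy@0.12.9
PLACEHOLDER.wiz-legacy@0.17.8-beta
"""

if __name__ == "__main__":
    for ext_id, version, status in audit(SAMPLE):
        print(f"{ext_id} {version}: {status}")
```

Entries reported as `unparsed` should be reviewed by hand rather than assumed safe.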