CVE-2020-0604

Name of the Vulnerable Software and Affected Versions Visual Studio Code (affected versions not specified)

Description A remote code execution issue exists when Visual Studio Code processes environment variables after opening a project. An attacker who successfully exploits this could run arbitrary code in the context of the current user. If the current user has administrative rights, the attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. To exploit this, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code, with attacker-specified code executing when the target opens the integrated terminal.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.