CVE-2020-16881

Name of the Vulnerable Software and Affected Versions: Visual Studio Code (affected versions not specified)

Description: A remote code execution issue exists when a user opens a malicious 'package.json' file, allowing an attacker to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. To exploit this, an attacker must convince a target to clone a repository and open it in Visual Studio Code, triggering the execution of attacker-specified code when the malicious 'package.json' file is opened.

Recommendations: To resolve the issue, update Visual Studio Code to a version that modifies the way it handles JSON files, addressing the vulnerability. At the moment, there is no information about a specific newer version that contains a fix for this vulnerability.