CVE-2020-17023

Name of the Vulnerable Software and Affected Versions: Visual Studio Code (affected versions not specified)

Description: A remote code execution issue exists when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploits this could run arbitrary code in the context of the current user. If the current user has administrative rights, an attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. To exploit this, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code, executing attacker-specified code when the malicious 'package.json' file is opened.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.