PT-2023-9085 · Microsoft+1 · Visual Studio Code+1

Paul Gerste · Published 2023-06-07 · Updated 2024-04-25 · CVE-2023-46944

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GitKraken GitLens versions prior to 14.0.0

Description

The issue is related to insufficient input validation in the GitKraken GitLens plugin for Visual Studio Code, allowing an attacker to execute arbitrary code via a crafted file. This can be exploited by an attacker to gain unauthorized access and execute malicious code.

Recommendations

For versions prior to 14.0.0, update to version 14.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Visual Studio Code workspace trust component to minimize the risk of exploitation. Avoid using crafted files that could potentially exploit the insufficient input validation in the GitKraken GitLens plugin.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-03537
CVE-2023-46944

Affected Products

GitKraken GitLens
Visual Studio Code