Visual Studio Code
Monthly
Authenticated users can exploit a race condition in GitHub Copilot and Visual Studio Code to execute arbitrary code remotely by manipulating file state between verification and use. This vulnerability affects users with network access to these development tools and requires user interaction to trigger. No patch is currently available to address this high-severity flaw.
GitHub Copilot and Visual Studio Code are vulnerable to command injection attacks that allow unauthenticated attackers to bypass security features over the network through improper neutralization of special command elements. The vulnerability requires user interaction to exploit and could enable attackers to execute arbitrary commands with high impact on confidentiality, integrity, and availability. No patch is currently available for this issue.
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Visual Studio Code Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Authenticated users can exploit a race condition in GitHub Copilot and Visual Studio Code to execute arbitrary code remotely by manipulating file state between verification and use. This vulnerability affects users with network access to these development tools and requires user interaction to trigger. No patch is currently available to address this high-severity flaw.
GitHub Copilot and Visual Studio Code are vulnerable to command injection attacks that allow unauthenticated attackers to bypass security features over the network through improper neutralization of special command elements. The vulnerability requires user interaction to exploit and could enable attackers to execute arbitrary commands with high impact on confidentiality, integrity, and availability. No patch is currently available for this issue.
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Visual Studio Code Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.