Python extension for Visual Studio Code Remote Code Execution Vulnerability

There is a security vulnerability in the untrusted workspaces flow with specially crafted workspaces.

### Patches

The fix is available starting with 2024.20.0 fix is: https://github.com/microsoft/vscode-python/commit/a16ed6b270792ab952b6996068100a7565d1aa7d

### Workarounds

Check for python executables checked-into SCM before opening untrusted workspaces.

### References
* The patch for this can be found at https://github.com/microsoft/vscode-python/commit/a16ed6b270792ab952b6996068100a7565d1aa7d
* MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49050
* Security advisory: https://github.com/microsoft/vscode-python/security/advisories/GHSA-cmrx-fhfp-pq36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Python extension for Visual Studio Code Remote Code Execution Vulnerability #24428

Patches

Workarounds

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Python extension for Visual Studio Code Remote Code Execution Vulnerability #24428

Description

Patches

Workarounds

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions