FreeBSD: VID-4bc66a81-89d2-4696-a04b-defd2eb77783 (CVE-2023-36742): vscode -- VS Code Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Sep 13, 2023 | Sep 13, 2023 | Dec 10, 2025 |
Description
VSCode developers report:

Visual Studio Code Remote Code Execution Vulnerability

A remote code execution vulnerability exists in VS Code 1.82.0 and earlier versions, in which working in a maliciously crafted package.json can result in executing commands locally. This scenario would require the attacker to get the VS Code user to open the malicious project and get the user to open and work with malformed entries in the dependencies sections of the package.json file.

VS Code uses the locally installed npm command to fetch information on package dependencies. A package dependency can be named in such a way that the npm tool runs a script instead.
Solution
freebsd-upgrade-package-vscode