VS Code - Local escalation of privilege vulnerability
A vulnerability exists in VS Code 1.97.0 and earlier versions where an attacker with write permissions on certain common directories can place a binary that would be executed automatically by the JavaScript debugger. This requires an attacker to be able to create and modify files on the user's machine.
Patches
The fix is available starting with VS Code 1.97.1. The fix mitigates this by not resolving node_modules binaries outside of the workspace folder.
Workarounds
Specify absolute paths for the runtimeExecutable whenever you launch a program with the JavaScript debugger.
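
To check whether a workspace already follows this workaround, the following added example (not part of the advisory or of VS Code's code) audits the text of a launch.json file and reports launch configurations whose runtimeExecutable is missing or not absolute. The debug type list, the treatment of ${workspaceFolder} as an absolute prefix, and the sample file are assumptions made for the illustration.

```javascript
// Debug types served by the JavaScript debugger (list assumed for this example).
const JS_DEBUG_TYPES = new Set(['node', 'pwa-node', 'chrome', 'pwa-chrome', 'msedge', 'pwa-msedge']);
// POSIX root, backslash/UNC root, or Windows drive-letter path.
const ABSOLUTE = /^(?:[\\\/]|[A-Za-z]:[\\\/])/;

// launch.json allows comments and trailing commas; remove both without
// touching string contents so that JSON.parse accepts the result.
function parseJsonc(text) {
  const keepStrings = (m) => (m[0] === '"' ? m : '');
  const noComments = text.replace(/"(?:\\.|[^"\\])*"|\/\/[^\n]*|\/\*[\s\S]*?\*\//g, keepStrings);
  return JSON.parse(noComments.replace(/"(?:\\.|[^"\\])*"|,(?=\s*[}\]])/g, keepStrings));
}

// Returns one finding per JavaScript launch configuration that does not give
// an explicit absolute runtimeExecutable, as the workaround asks.
function auditLaunchJson(text, workspaceFolder) {
  const findings = [];
  for (const cfg of parseJsonc(text).configurations || []) {
    if (cfg.request !== 'launch' || !JS_DEBUG_TYPES.has(cfg.type)) continue;
    const raw = cfg.runtimeExecutable;
    if (typeof raw !== 'string') {
      findings.push({ name: cfg.name, reason: 'runtimeExecutable not set' });
      continue;
    }
    // Assumption: ${workspaceFolder} expands to the absolute workspace root.
    const value = raw.split('${workspaceFolder}').join(workspaceFolder);
    if (value.includes('${')) {
      findings.push({ name: cfg.name, reason: `unresolved variable in "${raw}"` });
    } else if (!ABSOLUTE.test(value)) {
      findings.push({ name: cfg.name, reason: `relative path "${raw}"` });
    }
  }
  return findings;
}

// Constructed sample launch.json, including a comment and trailing commas.
const SAMPLE = `{
  // debug configurations for the demo project
  "version": "0.2.0",
  "configurations": [
    { "type": "node", "request": "launch", "name": "bare npm", "runtimeExecutable": "npm", },
    { "type": "node", "request": "launch", "name": "pinned", "runtimeExecutable": "/usr/local/bin/node" },
    { "type": "node", "request": "launch", "name": "default", "program": "\${workspaceFolder}/app.js" },
    { "type": "node", "request": "attach", "name": "attach", "port": 9229 },
  ]
}`;

console.log(auditLaunchJson(SAMPLE, '/home/dev/project'));
```

Configurations that use other variables, such as an environment variable, are reported for manual review because the script cannot tell what they expand to.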
References