CVE Vulnerabilities for Microsoft Visual Studio Code
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2021‑34479 | 2021‑07‑14 18:15:11 | HIGH (8) | Microsoft Visual Studio Spoofing Vulnerability | 2 | 6 | LOCAL |
| CVE‑2020‑16977 | 2020‑10‑16 23:15:17 | HIGH (7) | <p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed.</p> <p>The update addresses the vulnerability by modifying the way Visual Studio Code Python extension renders notebook content.</p> | 1 | 6 | LOCAL |
| CVE‑2020‑1192 | 2020‑05‑21 23:15:19 | HIGH (8) | A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171. | 2 | 6 | LOCAL |
| CVE‑2020‑1171 | 2020‑05‑21 23:15:18 | HIGH (9) | A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192. | 3 | 6 | NETWORK |
View OS-specific patching for:
Windows Mac Linux
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.