Products > Security
Visual Studio Code for Linux: Remote Code Execution Vulnerability
madires:
This one is too funny. >:D
Visual Studio Code for Linux Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43601
Nominal Animal:
--- Quote ---Attack vector: Network
--- End quote ---
Whut?
[After investigating for a bit:]
Explanation, patch: Insufficient parameter/file checking in TypeScript code when saving files requiring elevated privileges (stuff done via sudo).
So, just your garden-variety "we'll just pass along these file names you supplied as-is to our copy-file-using-sudo command, she'll be alright, nobody will try any shenanigans I'm sure" type of idiocy.
SiliconWizard:
No input validation and let's throw some sudo on top of it.
I would definitely trust MS code.
magic:
Microsoft is backdooring Linux :scared:
Next thing, they will start contributing to systemd and add something similar >:D
Nominal Animal:
You mean like CVE-2021-3560 or CVE-2020-1712 and others?
Navigation
[0] Message Index
[#] Next page
Go to full version