Products > Security

Visual Studio Code for Linux: Remote Code Execution Vulnerability

(1/3) > >>

madires:
This one is too funny. >:D

Visual Studio Code for Linux Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43601

Nominal Animal:

--- Quote ---Attack vector: Network
--- End quote ---
Whut?

[After investigating for a bit:]

Explanation, patch: Insufficient parameter/file checking in TypeScript code when saving files requiring elevated privileges (stuff done via sudo).

So, just your garden-variety "we'll just pass along these file names you supplied as-is to our copy-file-using-sudo command, she'll be alright, nobody will try any shenanigans I'm sure" type of idiocy.

SiliconWizard:
No input validation and let's throw some sudo on top of it.

I would definitely trust MS code.

magic:
Microsoft is backdooring Linux :scared:
Next thing, they will start contributing to systemd and add something similar >:D

Nominal Animal:
You mean like CVE-2021-3560 or CVE-2020-1712 and others?

Navigation

[0] Message Index

[#] Next page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod