Microsoft: >> Visual Studio Code Security Vulnerabilities
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.
CVSS Score
7.8
EPSS Score
0.112
Published
2019-03-05
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.048
Published
2018-06-26
Page 6