VS Code - Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in VS Code 1.97.0 and earlier versions for users of the code serve-web command on Windows. Node's module resolution looks for a bare require() not only in the server's own node_modules tree but in the node_modules directory of every parent directory up to the drive root, so a module that one of the Visual Studio Code remote server's dependencies requires only optionally, and that is therefore not installed alongside the server, can be satisfied from C:\node_modules. An attacker can place a malicious version of that module in such a world writable directory and have it executed with the privileges of the user running code serve-web.
Patches
The fix is available starting with VS Code 1.97.1. The fix (ebd0778) mitigates this attack by removing common world writable directories from the node module dependency resolution logic.
Workarounds
There are no known workarounds at this time. Do not run code serve-web as an elevated user on a machine where untrusted users can write to world writable directories such as C:\node_modules. Before running the server, check whether C:\node_modules already exists and which accounts can write to it (for example with icacls C:\node_modules).
References