Microsoft Visual Studio Code, an open source code editor from Microsoft, has a security vulnerability in versions prior to Visual Studio Code 1.3.0, which stems from an unofficial vcode -phpmd (aka PHP) extension to Visual Studio Code. Chaos Detector) extension to Visual Studio Code is faulty. An attacker could exploit this vulnerability to execute arbitrary code via a specially crafted phpmd.command value.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft visual studio code | lt | 1.3.0 |