GHSA-C4R5-FXQW-VH93 Ruby LSP has arbitrary code execution through branch setting
Summary The rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. Other editors that support workspace setting that get automatically...