CVE-2021-26700
The CVE affects the Visual Studio Code npm-script Extension (eg2.vscode-npm-script). A malicious project can cause the extension to execute commands when a user views package.json, via a crafted repository and settings.json, enabling remote code execution in the user’s context. Public exploitatio...