Remote code execution in Microsoft Visual Studio Code ESLint Extention

CERT-LatestNews ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesMicrosoft

Exploit availability: No Description. CWE-20 – Improper Input Validation The vulnerability allows a remote attacker to execute arbitrary code on the system. The vulnerability exists due to insufficient validation of user-supplied input in the ESLint extension for Visual Studio Code when it validates source code after opening a project.