The VS Code Extension Marketplace features about 25,000 extensions. A vulnerable VS Code Extensions Marketplace This new VS Code extensions supply chain security threat has the potential to become a new attack playground, potentially impacting over 2,000,000 developers. The potential compromise is so significantly severe that a remote code execution on a developer’s machine is possible by simply tricking the developer to click a link. But now, Snyk has discovered and disclosed vulnerabilities that pose a real and imminent threat to developers who use these extensions and then interact with a malicious actor. ![]() Until recently, no security vulnerabilities had been discovered in VS Code extensions, creating a sense of security for millions of developers. What can we do about it? Mitigating VS Code extensions security concerns.Security research disclosure: Snyk releases Visual Studio Code supply chain security research findings. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |