Описание
GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
FAQ
How could an attacker exploit this vulnerability?
The AV:N rating indicates the vulnerability is exploitable over the network, meaning an attacker can deliver a malicious prompt remotely without prior access, while UI:R means a user must interact with Copilot for exploitation to occur. Due to prompt injection, the system is coerced into executing attacker-controlled instructions, which can escalate into remote code execution (RCE) when the compromised prompt causes backend components or integrated tools to run unintended commands.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Visual Studio Code | ||
| Microsoft Visual Studio Code CoPilot Chat Extension |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8 High
CVSS3
Связанные уязвимости
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
Уязвимость редактора исходного кода Microsoft Visual Studio Code, связанная с ошибками синхронизации при использовании общего ресурса («Ситуация гонки»), позволяющая нарушителю выполнить произвольный код
EPSS
8 High
CVSS3