Security News > 2020 > October > Magento, Visual Studio Code users: You need to patch!

Magento, Visual Studio Code users: You need to patch!
2020-10-19 13:24

Microsoft and Adobe released out-of-band security updates for Visual Studio Code, the Windows Codecs Library, and Magento.

Microsoft has fixed CVE-2020-17023, a remote code execution vulnerability in Visual Studio Code, its free and extremely popular source-code editor that's available for Windows, macOS and Linux.

"To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opens the malicious 'package.json' file," Microsoft explained.

"Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update," the company noted, and explained that "Servicing for store apps/components does not follow the monthly 'Update Tuesday' cadence, but are offered whenever necessary."

After fixing just one Adobe Flash Player flaw on October 2020 Patch Tuesday, Adobe has followed up with security updates for several Magento Commerce and Magento Open Source versions.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/CdYfv9BTkRk/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-10-16 CVE-2020-17023 Unspecified vulnerability in Microsoft Visual Studio Code
<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file.
local
low complexity
microsoft
7.8
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Magento 3 4 106 68 28 206