Impact
A vulnerability exists in VS Code 1.77.0 and earlier versions where escape sequences implemented by VS Code to support shell integration allow for a previously run command line to be replaced. As such, a user could be running a changed command unexpectedly when they use re-run command.
Patches
The fix is available starting with VS Code 1.77.1. The fix (6740c2e) mitigates this by showing the user a notification with the command that is to be run and requiring their approval before it runs.
References