Sanitize notebook mime types in error messages #170992

mjbvz · 2023-01-10T18:29:48Z

VS Code - Remote Code Execution Vulnerability

A remote code execution vulnerability exists in VS Code 1.74.2 and earlier versions where opening a maliciously crafted notebook allows script execution inside of notebook's iframe. This works in untrusted workspaces and only requires that the user open the notebook. The executed script is run inside of an isolated iframe, however it is possible an attacker could combine this with additional exploits to break out of the iframe

Patches

The fix is available starting with VS Code 1.74.3. The fix (5b8361b) mitigates this attack by more safely constructing html instead

Workarounds

Do not open notebooks from untrusted sources

References

The patch for this can be found at 5b8361b
An advisory for this can be found at GHSA-p996-wrgh-crrj
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21779

The text was updated successfully, but these errors were encountered:

mjbvz added this to the November 2022 Recovery 3 milestone Jan 10, 2023

mjbvz changed the title ~~Sanitize notebook mime types~~ Sanitize notebook mime types in error messages Jan 10, 2023

mjbvz closed this as completed Jan 10, 2023

mjbvz added verified Verification succeeded security labels Jan 10, 2023

github-actions bot locked and limited conversation to collaborators Feb 24, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sanitize notebook mime types in error messages #170992

Sanitize notebook mime types in error messages #170992

mjbvz commented Jan 10, 2023 •

edited

Loading

Sanitize notebook mime types in error messages #170992

Sanitize notebook mime types in error messages #170992

Comments

mjbvz commented Jan 10, 2023 • edited Loading

VS Code - Remote Code Execution Vulnerability

Patches

Workarounds

References

mjbvz commented Jan 10, 2023 •

edited

Loading