Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

3 hours ago [email protected] (The Hacker News)
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks


Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry.
“The pipeline had a single boolean return value that meant both ‘no scanners are configured’ and ‘all scanners failed to run,'” Koi

The post “Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)

Tags: , , ,

More Stories

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

9 hours ago [email protected] (The Hacker News)

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

1 day ago [email protected] (The Hacker News)

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

1 day ago [email protected] (The Hacker News)

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

2 days ago [email protected] (The Hacker News)

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

2 days ago [email protected] (The Hacker News)

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

3 days ago [email protected] (The Hacker News)