VSCode Marketplace can be abused to host malicious extensions
06-Jan-23
Researchers have observed evidence of threat actors already taking use of this flaw and have found it surprisingly simple to publish malicious Visual Studio Code extensions to the VSCode Marketplace. Microsoft’s Visual Studio Code (VSC) is a source-code editor that around 70% of all professional software developers use worldwide.
The VSCode Marketplace, run by Microsoft, is an add-on marketplace for the IDE that sells add-ons that increase the functionality of the programme and provide users more customization possibilities.
