应用安全公司OX Security发现，四个广泛使用的VS Code扩展存在严重安全漏洞，累计下载量达1.28亿次，可能导致文件窃取、远程代码执行和本地网络侦察。这些漏洞包括Live Server的关键级漏洞、Code Runner的高危漏洞等，攻击者可通过恶意链接或文件触发攻击，威胁开发者工作站安全。

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M ...

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...