CVE-2023-21779 HIGH

CVE-2023-21779: Visual Studio Code Remote Code Execution Vulnerability

Vendor Microsoft
Product Visual Studio Code
Weakness CWE-502 · Unsafe deserialization
Published January 10, 2023
Last update January 1, 2025
View on NVD All CVEs

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

Visual Studio Code Remote Code Execution Vulnerability

Key dates

02Disclosure timeline

January 10, 2023 CVE published
January 1, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-51518 Apache James server: Privilege escalation via JMX pre-authentication deserialisation CVE-2024-5351 anji-plus AJ-Report Javascript getValueFromJs deserialization CVE-2025-6464 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion CVE-2025-68664 LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs CVE-2026-27369 WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability