A significant vulnerability was discovered in the Open VSX marketplace, which could allow attackers to gain full control over millions of developer machines by publishing malicious updates to extensions. This flaw, rooted in a CI issue, underscores the risks associated with untrusted third-party software in development environments.
open-vsx ✓
security ✓
vulnerability ✓
supply-chain ✓
+ extensions