VS Code - Remote Code Execution Vulnerability
A remote code execution vulnerability exists in VS Code Copilot Chat 0.37.2 and earlier versions: an agent whose instructions have been manipulated through prompt injection could ask the user to open or fetch a malicious URL whose characters are visually indistinguishable from those of a trusted URL.
Patches
The fix is available starting with VS Code Copilot Chat 0.37.3. It mitigates this attack by presenting URLs to the user in their Punycode (ASCII-encoded) form, so that a host made of look-alike Unicode characters is no longer displayed as if it were the trusted host.
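As an added illustration of that mitigation (not code from VS Code or the Copilot Chat extension), the following renders a URL for a confirmation prompt with its host in Punycode form and compares that host against a trust list; the function names, the trust list and the sample URLs are constructed for this example.

```javascript
// Constructed trust list for the example: hosts the user is expected to recognise.
const TRUSTED_HOSTS = ["github.com"];

// Render a URL for a user confirmation prompt. WHATWG URL parsing converts an
// internationalised host to its ASCII (Punycode) form, so every label that
// started life as non-ASCII now begins with "xn--" and is visibly different
// from the trusted host it was meant to imitate.
function renderUrlForConfirmation(rawUrl) {
  let parsed;
  try {
    parsed = new URL(rawUrl);
  } catch (err) {
    // Unparseable input must not be offered to the user as an openable link.
    return { ok: false, display: null, host: null, warnings: ["unparseable URL"] };
  }
  const warnings = [];
  const asciiHost = parsed.hostname; // already lower-cased and Punycode-encoded
  const idnLabels = asciiHost.split(".").filter((label) => label.startsWith("xn--"));
  if (idnLabels.length > 0) {
    warnings.push(`host contains internationalised label(s): ${idnLabels.join(", ")}`);
  }
  // href carries the ASCII host, so the displayed string cannot hide a homoglyph.
  return { ok: true, display: parsed.href, host: asciiHost, warnings };
}

// Trust decisions are made on the normalised ASCII host, never on the raw text.
function isTrustedHost(asciiHost, trustedHosts) {
  if (asciiHost === null) return false;
  return trustedHosts.some((trusted) => trusted.toLowerCase() === asciiHost);
}

// Constructed samples: the second host spells "github" with U+0456
// (Cyrillic small letter byelorussian-ukrainian i) in place of Latin "i".
const samples = ["https://github.com/login", "https://g\u0456thub.com/login"];
for (const sample of samples) {
  const rendered = renderUrlForConfirmation(sample);
  console.log(rendered.display, isTrustedHost(rendered.host, TRUSTED_HOSTS), rendered.warnings);
}
```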
Workarounds
Do not approve fetch requests or open URLs from agent sessions that may have been subject to prompt injection while running Copilot Chat version 0.37.2 or earlier.
References