VS Code - Remote Code Execution Vulnerability
A remote code execution vulnerability exists in VS Code Copilot Chat 0.37.2 and earlier versions where a prompt-injected agent using a GPT family model could bypass the "sensitive file" approval mechanism.
Patches
The fix is available starting with VS Code Copilot Chat 0.37.3. The fix mitigates this attack by performing proper validation on the apply_patch input.
Workarounds
Do not use GPT family models on agent sessions which may have been subject to prompt injection attacks in Copilot Chat version 0.37.2 or earlier.
References
VS Code - Remote Code Execution Vulnerability
A remote code execution vulnerability exists in VS Code Copilot Chat 0.37.2 and earlier versions where a prompt-injected agent using a GPT family model could bypass the "sensitive file" approval mechanism.
Patches
The fix is available starting with VS Code Copilot Chat 0.37.3. The fix mitigates this attack by performing proper validation on the apply_patch input.
Workarounds
Do not use GPT family models on agent sessions which may have been subject to prompt injection attacks in Copilot Chat version 0.37.2 or earlier.
References