CVE-2022-30129 – This vulnerability allows remote code execution... (How to Fix)

Q: What is the severity of CVE-2022-30129?

CVE-2022-30129 has a CVSS score of 8.8 (HIGH). This vulnerability allows remote code execution in Visual Studio Code through argument injection in the 'code' command-line tool. Attackers can craft malicious arguments that execute arbitrary commands when developers open files or URLs. All users running vulnerable versions of VS Code are affected.

📋 TL;DR

This vulnerability allows remote code execution in Visual Studio Code through argument injection in the 'code' command-line tool. Attackers can craft malicious arguments that execute arbitrary commands when developers open files or URLs. All users running vulnerable versions of VS Code are affected.

💻 Affected Systems

Products:

Visual Studio Code

Versions: Versions prior to 1.67.0

Operating Systems: Windows, Linux, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires user interaction - typically triggered when opening malicious files or URLs with the 'code' command.

📦 What is this software?

Visual Studio Code by Microsoft

View all CVEs affecting Visual Studio Code →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the developer's machine, allowing data theft, lateral movement, and persistence.

🟠

Likely Case

Local privilege escalation leading to execution of malicious code in the context of the current user, potentially stealing credentials and sensitive development artifacts.

🟢

If Mitigated

Limited impact with proper execution controls and network segmentation, potentially only affecting isolated development environments.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires user interaction but is straightforward once the malicious argument is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.67.0 and later

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30129

Restart Required: Yes

Instructions:

1. Open VS Code. 2. Go to Help > Check for Updates. 3. Install update to version 1.67.0 or later. 4. Restart VS Code.

🔧 Temporary Workarounds

Disable automatic file opening

all

Prevent VS Code from automatically opening files via command-line arguments

Use alternative editors for untrusted files

all

Open files from untrusted sources with basic text editors instead of VS Code

🧯 If You Can't Patch

Restrict execution of 'code' command to trusted users only
Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check VS Code version via Help > About or run 'code --version' in terminal

Check Version:

code --version

Verify Fix Applied:

Confirm version is 1.67.0 or higher using 'code --version' command

📡 Detection & Monitoring

Log Indicators:

Unusual command-line arguments passed to VS Code process
Suspicious child processes spawned from code.exe

Network Indicators:

Outbound connections from VS Code to unexpected destinations

SIEM Query:

Process creation where parent process contains 'code' and command line contains suspicious arguments

📊 Metadata

CVE ID: CVE-2022-30129

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: May 10, 2022

Last Updated: January 2, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30129
https://blog.sonarsource.com/securing-developer-tools-argument-injection-in-vscode/ Exploit,Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30129 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON