VS Code Terminal Auto Replies Configuration Cross-Workspace Code Execution
A vulnerability exists in VS Code 1.109 and earlier versions where terminal.integrated.autoReplies can cause commands to be repeatedly auto-executed in previously trusted folders, and the behavior persists across folders until a completely new window is opened.
Patches
The fix is available with VS Code 1.109.1. It marks terminal.integrated.autoReplies as restricted: true, which prevents this behavior from happening.
Workarounds
Do not reuse the window to open folders with automatic tasks. Instead, open a new window.
References
VS Code Terminal Auto Replies Configuration Cross-Workspace Code Execution
A vulnerability exists in VS Code 1.109 and earlier versions where
terminal.integrated.autoRepliescan cause commands to be repeatedly auto-executed in previously trusted folders, and the behavior persists across folders until a completely new window is opened.Patches
The fix is available with VS Code 1.109.1. It marks
terminal.integrated.autoRepliesasrestricted: true, which prevents this behavior from happening.Workarounds
Do not reuse the window to open folders with automatic tasks. Instead, open a new window.
References