Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks Open VSX's pre-publish scanning pipeline contained a bug that misinterpreted scanner failures as "no scanners configured," allowing a malicious VS Code extension to pass vetting and go live. The flaw, dubbed Open Sesame, could be triggered by flooding the publish endpoint to exhaust the database connection pool and was fixed in...

A bug in Open VSX’s pre-publish scanner let malicious VS Code extensions bypass security checks by misclassifying failures as no scanners configured. Fixed in version 0.32.0. #OpenSesame #CodeSecurity #SoftwareFlaw