Vulnerability DatabaseCVE-2020-17163

CVE-2020-17163:
Visual Studio Code vulnerability analysis and mitigation

Overview

A Remote Code Execution vulnerability was identified in Microsoft's Visual Studio Code Python Extension, tracked as CVE-2020-17163. The vulnerability was initially recorded on August 4, 2020, affecting versions of the Python Extension for Visual Studio Code up to (but not including) version 2020.9.2 (NVD, CVE Mitre).

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

Impact

If successfully exploited, this vulnerability could allow an attacker to execute remote code on the affected system, potentially compromising the confidentiality, integrity, and availability of the system with high severity impacts (NVD).

Mitigation and workarounds

Microsoft has addressed this vulnerability by releasing version 2020.9.2 of the Python Extension for Visual Studio Code. Users are advised to update to this version or later to mitigate the vulnerability (NVD).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

7.8

Score

Published December 29, 2023

Severity HIGH

CNA Score 7.8

Affected Technologies

Visual Studio Code
Python Interpreter

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 72.6

Exploitation Probability (EPSS) 0.7

Affected packages and libraries

python
cpe:2.3:a:microsoft:python_extension:*:*:*:*:*:visual_studio_code:*:*

Sources

Nix
- Nix Severity HIGHHas FixAdded at: Oct 28, 2025
NVD
- Linux Severity HIGHHas FixAdded at: Dec 23, 2024
- Windows Severity HIGHHas FixAdded at: Dec 23, 2024

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Visual Studio Code vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2021-28967	CRITICAL	9.8	NixOS	matlab	No	Yes	Mar 24, 2021
CVE-2024-26165	HIGH	8.8	Visual Studio Code	cpe:2.3:a:microsoft:visual_studio_code	No	Yes	Mar 12, 2024
CVE-2020-17163	HIGH	7.8	Visual Studio Code	python	No	Yes	Dec 29, 2023
CVE-2020-17159	HIGH	7.8	Visual Studio Code	cpe:2.3:a:microsoft:visual_studio_code	No	Yes	Dec 10, 2020
CVE-2021-32039	MEDIUM	5.5	MongoDB	cpe:2.3:a:mongodb:mongodb	No	Yes	Jan 20, 2022