CVE-2021-28473: 
Visual Studio Code vulnerability analysis and mitigation

Visual Studio Code was found to contain a Remote Code Execution vulnerability identified as CVE-2021-28473. This vulnerability was discovered and reported to Microsoft Corporation, with the initial CVE record being created on March 15, 2021. The vulnerability affects Microsoft Visual Studio Code versions up to (but not including) 1.55.2 (NVD, CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction, but no privileges, and can result in high impacts to confidentiality, integrity, and availability. Under CVSS v2.0, it received a base score of 6.8 (Medium) with the vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on the affected system, potentially compromising the confidentiality, integrity, and availability of the system. The high CVSS score indicates serious potential consequences if the vulnerability is exploited (NVD).

Microsoft has released a security update to address this vulnerability. Users are advised to upgrade to Visual Studio Code version 1.55.2 or later to mitigate this security risk (NVD).