Microsoft: >> Github Copilot Chat Security Vulnerabilities
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-11-11
Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-11-11