VSCode version 1.31 in January 2019 included a security update to address this issue.<p>The following is a more direct link with pertinent info: <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0728" rel="nofollow">https://portal.msrc.microsoft.com/en-US/security-guidance/ad...</a><p>The heart of it is: "To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal."