=============================================
- Discovered by: Dawid Golunski (@dawid_golunski)
- dawid[at]legalhackers.com
- https://legalhackers.com
- https://exploitbox.io

- CVE-2020-27955
- Release date: 04.11.2020
- Revision 1.0
- Severity: Critical
=============================================

VULNERABILITY
-------------------------

Visual Studio Code Remote Code Execution (RCE) CVE-2020-27955 (git-lfs)

BACKGROUND
-------------------------

"Visual Studio Code is a free source-code editor made by Microsoft for
Windows, Linux and macOS. Features include support for debugging, syntax
highlighting, intelligent code completion, snippets, code refactoring,
and embedded Git."

https://code.visualstudio.com/

Video PoC
-------------------------

Advisories
-------------------------

- Git RCE Exploit CVE-2020-27955
- Git-LFS RCE exploit CVE-2020-27955

Exploits / PoC repos
-------------------------

- Git / git-lfs - RCE exploit CVE-2020-27955 - GO version
- GitHub - PoC repo - Git / git-lfs - RCE exploit CVE-2020-27955 - BAT/powershell version
- GitHub - PoC repo - Git / git-lfs - RCE exploit CVE-2020-27955 - Go version

COMING SOON