Critical Flaw in Open VSX Registry Could Expose Millions of Developers to Supply Chain Attacks

A critical flaw in the Open VSX Registry could allow attackers to hijack the VS Code extensions hub, exposing millions of developers to supply chain attacks. Cybersecurity researchers from Koi Security have discovered a critical vulnerability in the Open VSX Registry (open-vsx.org) that could have allowed attackers to take control of the Visual Studio Code extensions marketplace, endangering millions of developers.