AVID-2026-R1251

Description

Visual Studio Code Jupyter Extension Spoofing Vulnerability (CVE-2023-36018)

Details

Reason for inclusion in AVID: CVE-2023-36018 describes a spoofing vulnerability in the Visual Studio Code Jupyter extension, with potential leakage of private data (CWE-359). The VS Code Jupyter extension is a tooling component widely used in AI development workflows (notebooks, data exploration, model prototyping). As such, a vulnerability in this tooling can impact AI software supply chains by affecting the environment used to build, train, package, or run AI systems. The report includes credible sources (NVD, MSRC) and a CVSS 3.1 score indicating high impact, supporting classification as a security vulnerability in AI tooling. Therefore, it should be kept for AVID curation.

References

Affected or Relevant Artifacts

  • Developer: Microsoft
  • Deployer: Microsoft
  • Artifact Details:
      • Type: System
      • Name: Jupyter Extension for Visual Studio Code

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

  • Version: 3.1
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
  • Base Score: 7.8
  • Base Severity: 🔴 High

CWE

  • ID: CWE-359
  • Description: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2023-11-14
  • Version: 0.3.3
  • AVID Entry