CVE-2020-17023

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious ‘package.json’ file, aka ‘Visual Studio JSON Remote Code Execution Vulnerability’.
Source: NIST
CVE-2020-17023