Malicious Commands in GitHub Codespaces Enable RCE Risk
⚠️Orca Security researchers disclosed multiple attack vectors in GitHub Codespaces that can produce remote code execution simply by opening a malicious repository or pull request. By embedding commands in repository configuration files—specifically .vscode/tasks.json, .vscode/settings.json and .devcontainer/devcontainer.json—an attacker can execute code, exfiltrate tokens and access secrets without further user interaction. Microsoft confirmed the behavior is "by design" and points to trusted-repository controls to limit cross-environment impact.
