
VS Code Marketplace Extension Name Reuse Vulnerability

1 unique source, 1 article

Summary


A security flaw in the Visual Studio Code Marketplace allows attackers to republish deleted extensions under the same name, which could lead to supply chain attacks. The flaw was identified after a malicious extension named 'ahbanC.shiba' was found to mimic previously removed extensions. The issue arises because, although each extension must have a unique ID, the name field can be reused once an extension is deleted. This does not apply if an extension is merely unpublished. The same weakness exists in the Python Package Index (PyPI) repository, where deleted package names can be reused if the distribution file names differ. The risk is significant because popular extensions could be impersonated by malicious actors.
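As an added example (not part of the original report), the Python code below shows one way a defender could spot this pattern on a workstation: it parses `code --list-extensions --show-versions` output and flags any extension whose name matches a pinned entry but whose publisher differs. The pinned baseline, the sample listing and every publisher name other than 'ahbanC.shiba' are constructed assumptions.

```python
# Added example: detect an extension name that reappears under a new publisher.
# Assumption: extension IDs have the form publisher.name, as printed by
# `code --list-extensions --show-versions` (one `publisher.name@version` per line).

# Constructed baseline: extension name -> publisher approved at review time.
PINNED = {"shiba": "example-publisher", "linter": "example-corp"}

# Constructed sample of `code --list-extensions --show-versions` output.
SAMPLE_OUTPUT = """\
example-corp.linter@2.3.1
ahbanC.shiba@1.0.0
other-dev.formatter@0.4.0
"""


def parse_extension_list(text):
    """Return (publisher, name, version) tuples from the CLI listing."""
    entries = []
    for line in text.splitlines():
        ident, _, version = line.strip().partition("@")
        publisher, dot, name = ident.partition(".")
        if dot and publisher and name:  # skip blank or malformed lines
            entries.append((publisher, name, version))
    return entries


def audit(entries, pinned):
    """Compare installed extensions with the pinned baseline.

    IDs are compared case-insensitively. A pinned name under a different
    publisher is reported as "name-reuse"; unknown names as "unreviewed".
    """
    findings = []
    for publisher, name, version in entries:
        approved = pinned.get(name.lower())
        if approved is None:
            findings.append(("unreviewed", f"{publisher}.{name}", version))
        elif approved.lower() != publisher.lower():
            findings.append(("name-reuse", f"{publisher}.{name}", version))
    return findings


if __name__ == "__main__":
    for kind, ident, version in audit(parse_extension_list(SAMPLE_OUTPUT), PINNED):
        print(f"{kind}: {ident}@{version}")
```
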

Timeline

  1. 28.08.2025 20:10 · 1 article

    VS Code Marketplace Extension Name Reuse Vulnerability Discovered

    A vulnerability in the Visual Studio Code Marketplace allows attackers to republish deleted extensions under the same name. The flaw was identified after a malicious extension named 'ahbanC.shiba' was found to mimic previously removed extensions. The issue arises because the name field can be reused if an extension is deleted, but not if it is unpublished. This behavior also affects the Python Package Index (PyPI) repository.


Information Snippets