The host is installed with visual studio code Language Support for Java extension before 0.72.0 and is prone to a remote code execution vulnerability. The flaws are present in the extension, which fails to handle unspecified vector. Successful exploitation could lead to arbitrary code execution.