Multiple Angular Language Service Extension Vulnerabilities Enable RCE Attacks
ID: 4e5802e2-7e8e-511c-b37c-23c8fbeec72d
STIX ID: report--4e5802e2-7e8e-511c-b37c-23c8fbeec72d
Feed Name: cybersecurityNews.com
Security researchers discovered high-severity RCE vulnerabilities in the Angular Language Service VS Code extension (Angular.ng-template). One flaw allows command links rendered in JSDoc hovers to execute commands, because comments are not sanitized and the Markdown renderer is overly trusted. The other lets a workspace-configured tsdk path cause the extension to require and run a malicious tsserverlibrary.js, enabling automatic code execution when a project is opened. Both bypass VS Code Workspace Trust, have low attack complexity and require no privileges. They are remediated in release 21.2.4; developers should update immediately and avoid opening untrusted repositories.
