VSCodeVim prior to 1.19.0 allows malicious users to execute arbitrary code via a crafted workspace configuration.
vim project vim