vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
https://vuln.ryotak.me/advisories/37
https://github.com/vscode-restructuredtext/vscode-restructuredtext/releases/tag/147.0.0
https://github.com/vscode-restructuredtext/vscode-restructuredtext/releases