The remote code execution bug, tracked as CVE-2020-1192, is exposed when Microsoft's VS Code Python extension loads workspace settings from a file from a notebook, such as Jupyter.