An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text. To exploit the vulnerability, an attacker would need to perform a successful capture of the tokens from client to proxy, where specific proxy settings are being used, making this very difficult to exploit. The update address the vulnerability by modifying the way Visual Studio Code Live Share communicates with clients to proxies.
<a href="https://www.linkedin.com/in/fredrikhoxell/">Fredrik Hoxell</a>