HIGH
VS Code Vulnerability Enables One-Click GitHub Token Theft
Researcher Ammar Askar published full technical details and a proof-of-concept exploit for a VS Code vulnerability that allows stealing a victim’s GitHub authentication token with a single click. The researcher gave Microsoft approximately one hour’s notice before public disclosure, citing frustration with the disclosure process. Developers using VS Code with GitHub integration should apply available patches immediately and rotate any GitHub tokens that may have been accessible from affected installations.