A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.

Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX