2 matches found
Remote Code Execution (RCE)
@theia/mini-browser is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by viewing the HTML files in an iframe inside the IDE and injecting malicious code via HTML tag...
@popcornsar/che-theia-plugin-ext (>=0.0.2 <=7.4.0), @popcornsar/theia-dashboard-extension (=7.4.0-v1) +30 more potentially affected by CVE-2021-34435 via @theia/mini-browser (>=0.4.0-next.a1023afb <=1.9.0-next.8e53c23f)
@theia/mini-browser NPM version =0.4.0-next.a1023afb, =0.0.2, =0.0.3, =0.2.0-next.0fb80ad8, =1.41.0, =0.1.8, =0.9.0, =0.9.0, =0.9.0, =0.4.0, =0.0.1, =0.0.1, =0.0.1, =0.2.3, =0.3.14 and more Source cves: CVE-2021-34435 Source advisory: OSV:GHSA-V9W2-V7J9-RJPR...