4 matches found
CVE-2021-34436
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution and XXE via the theia-xml-extension. This extension uses lsp4xml recently renamed to LemMinX in order to provide language support for XML. This is installed by default...
CVE-2021-34436
creationtimestamp| type| source ---|---|--- 2021-09-03 00:36:20+00:00| seen| https://t.me/cibsecurity/28247...
CVE-2021-34436
The CVE affects Eclipse Theia 0.1.1–0.2.0, where the default build loads the theia-xml-extension (using lsp4xml, recently renamed LemMinX) to provide XML language support. This extension is installed by default, enabling remote code execution and XXE via the XML support component. Connected docum...
CVE-2021-34436
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution and XXE via the theia-xml-extension. This extension uses lsp4xml recently renamed to LemMinX in order to provide language support for XML. This is installed by default...