2 matches found
CVE-2021-41038
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...
@jpinkney/plugin (>=0.0.1-1583345065 <=0.0.1-1583345396), @popcornsar/che-theia-plugin-ext (=7.4.0) +14 more potentially affected by CVE-2021-41038 via @theia/plugin-ext (>=0.10.0-next.a2cdb337 <=1.18.0-next.99)
@theia/plugin-ext NPM version =0.10.0-next.a2cdb337, =0.0.1-1583345065, =0.7.0-next.2011dfb2, =0.8.0, =0.3.12, =0.13.0, =0.7.0-next.2011dfb2, =0.17.0-next.0d7566df, =0.0.17, =0.0.6, =0.0.6, =0.0.6, =0.0.6, =0.0.19 and more Source cves: CVE-2021-41038 Source advisory: OSV:GHSA-W6V7-W58J-PG5R...