2 matches found
Missing Origin Validation in WebSockets
Overview @theia/terminal is a Theia - Terminal Extension Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the shell-terminal and terminals/:id WebSocket endpoints when origin validation is bypassed due to missing or manipulated headers. An attacker c...
@eclipse-che/theia-terminal (>=0.0.1-1552991237 <=0.0.1-1566494904), @theia/cpp (>=0.4.0-next.0ce38188 <=0.4.0-next.fc6e8217) +7 more potentially affected by CVE-2019-0542 via xterm (=3.9.1)
xterm NPM version =3.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on xterm and may be impacted: - @eclipse-che/theia-terminal =0.0.1-1552991237, =0.4.0-next.0ce38188, =0.4.0-next.0ce38188, =0.4.0-next.0ce38188, =0.4.0-next.0ce38188,...