448849 matches found

Snyk
added 6 days ago, 3 views

Unsafe Dependency Resolution

Overview: @theia/workspace is a Theia - Workspace Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00231
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Unsafe Dependency Resolution

Overview: @theia/task is a Theia - Task extension. This extension adds support for executing raw or terminal processes in the backend. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. A...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00231
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Unsafe Dependency Resolution

Overview: @theia/debug is a Theia - Debug Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by crafting a...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00231
Exploits: 0 | References: 2
OSV
added 6 days ago, 3 views

GHSA-QWJM-9C66-W4Q4 [Eclipse Theia] Data Exfiltration via Markdown Image Rendering in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...

CVSS: 6.7 | AI score: 6 | EPSS: 0.00181
Exploits: 0 | References: 6
OSV
added 6 days ago, 2 views

GHSA-3JWW-HXQJ-WFQ2 [Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

CVSS: 8.4 | AI score: 6 | EPSS: 0.00272
Exploits: 0 | References: 6
GitHub Security Blog
added 6 days ago, 9 views

[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00272
Exploits: 0 | References: 6 | Affected Software: 7
GitHub Security Blog
added 6 days ago, 7 views

[Eclipse Theia] Data Exfiltration via Markdown Image Rendering in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...

CVSS: 6.7 | AI score: 6 | EPSS: 0.00181
Exploits: 0 | References: 6 | Affected Software: 7
Snyk
added 6 days ago, 3 views

Insertion of Sensitive Information Into Sent Data

Overview: @theia/ai-ide is an AI IDE Agents Extension. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversation...

CVSS: 6.7 | AI score: 5.8 | EPSS: 0.00181
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Insertion of Sensitive Information Into Sent Data

Overview: @theia/ai-core is a Theia - AI Core. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversation context ...

CVSS: 6.7 | AI score: 5.8 | EPSS: 0.00181
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Unsafe Dependency Resolution

Overview: @theia/ai-chat is a Theia - AI Chat Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introduci...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00272
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Unsafe Dependency Resolution

Overview: @theia/ai-code-completion is a Theia - AI Core. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00272
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Unsafe Dependency Resolution

Overview: @theia/ai-chat-ui is a Theia - AI Chat UI Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00272
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Insertion of Sensitive Information Into Sent Data

Overview: @theia/ai-editor is a Theia - AI Editor. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversation...

CVSS: 6.7 | AI score: 5.8 | EPSS: 0.00181
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Unsafe Dependency Resolution

Overview: @theia/ai-claude-code is a Theia - Claude Code Integration. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00272
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Unsafe Dependency Resolution

Overview: @theia/ai-editor is a Theia - AI Editor. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00272
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Unsafe Dependency Resolution

Overview: @theia/ai-ide is an AI IDE Agents Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00272
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Insertion of Sensitive Information Into Sent Data

Overview: @theia/ai-code-completion is a Theia - AI Core. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversati...

CVSS: 6.7 | AI score: 5.8 | EPSS: 0.00181
Exploits: 0 | References: 2
Snyk
added 6 days ago, 3 views

Insertion of Sensitive Information Into Sent Data

Overview: @theia/ai-chat-ui is a Theia - AI Chat UI Extension. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or...

CVSS: 6.7 | AI score: 5.8 | EPSS: 0.00181
Exploits: 0 | References: 2
Snyk
added 6 days ago, 2 views

Insertion of Sensitive Information Into Sent Data

Overview: @theia/ai-chat is a Theia - AI Chat Extension. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversatio...

CVSS: 6.7 | AI score: 5.8 | EPSS: 0.00181
Exploits: 0 | References: 2
Snyk
added 6 days ago, 2 views

Insertion of Sensitive Information Into Sent Data

Overview: @theia/ai-claude-code is a Theia - Claude Code Integration. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace o...

CVSS: 6.7 | AI score: 5.8 | EPSS: 0.00181
Exploits: 0 | References: 2