Unsafe Dependency Resolution
Overview: @theia/ai-code-completion is a Theia - AI Core. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing crafted...
Unsafe Dependency Resolution
Overview: @theia/ai-claude-code is a Theia - Claude Code Integration. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by...
Unsafe Dependency Resolution
Overview: @theia/ai-editor is a Theia - AI Editor. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing crafted prompt...
Unsafe Dependency Resolution
Overview: @theia/ai-core is a Theia - AI Core. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing crafted prompt...
GHSA-M973-PR9R-HP2W [Eclipse Theia] Indirect Prompt Injection via Auto-Loaded Workspace Prompt Template Files in AI Chat
In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...
[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat
In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...
[Eclipse Theia] Data Exfiltration via Markdown Image Rendering in AI Chat
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...
Insertion of Sensitive Information Into Sent Data
Overview: @theia/ai-ide is an AI IDE Agents Extension. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversation...
Insertion of Sensitive Information Into Sent Data
Overview: @theia/ai-core is a Theia - AI Core. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversation context ...
Unsafe Dependency Resolution
Overview: @theia/ai-chat is a Theia - AI Chat Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introduci...
Unsafe Dependency Resolution
Overview: @theia/ai-code-completion is a Theia - AI Core. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...
Unsafe Dependency Resolution
Overview: @theia/ai-chat-ui is a Theia - AI Chat UI Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...
Insertion of Sensitive Information Into Sent Data
Overview: @theia/ai-editor is a Theia - AI Editor. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversation...
Unsafe Dependency Resolution
Overview: @theia/ai-claude-code is a Theia - Claude Code Integration. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions...
Unsafe Dependency Resolution
Overview: @theia/ai-editor is a Theia - AI Editor. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...
Unsafe Dependency Resolution
Overview: @theia/ai-ide is an AI IDE Agents Extension. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...
Insertion of Sensitive Information Into Sent Data
Overview: @theia/ai-code-completion is a Theia - AI Core. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversati...
Insertion of Sensitive Information Into Sent Data
Overview: @theia/ai-chat-ui is a Theia - AI Chat UI Extension. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or...
Insertion of Sensitive Information Into Sent Data
Overview: @theia/ai-chat is a Theia - AI Chat Extension. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace or conversatio...
Insertion of Sensitive Information Into Sent Data
Overview: @theia/ai-claude-code is a Theia - Claude Code Integration. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the rendering of Markdown image tags in AI chat responses. An attacker can cause sensitive information from the workspace o...