3 matches found
CVE-2019-17636
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given...
CVE-2019-17636
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given...
CVE-2019-17636
The CVE-2019-17636 entry concerns Eclipse Theia (versions 0.3.9–0.15.0) where the default pre-packaged extension @theia/mini-browser exposes an HTTP endpoint to read arbitrary host filesystem files by path. The described flaw allows remote exploitation via DNS rebinding or drive-by download, enab...