4 matches found
@jpinkney/plugin (>=0.0.1-1583345065 <=0.0.1-1583345396), @theia/debug (>=0.4.0-next.0a1bd791 <=0.4.0-next.fee81ec4) +8 more potentially affected by CVE-2021-28162 via @theia/messages (>=0.10.0-next.a2cdb337 <=0.9.0)
@theia/messages NPM version =0.10.0-next.a2cdb337, =0.0.1-1583345065, =0.4.0-next.0a1bd791, =0.4.0-next.0a1bd791, =0.3.4, =0.8.0, =0.3.19, =0.3.12, =0.13.0, =0.7.0-next.2011dfb2, =0.17.0-next.0d7566df, =0.17.0-next.f5433ece Source cves: CVE-2021-28162 Source advisory: OSV:GHSA-C94V-8FFF-73PH...
CVE-2021-28162
creationtimestamp| type| source ---|---|--- 2021-03-13 00:55:51+00:00| seen| https://t.me/cibsecurity/24877...
CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...
CVE-2021-28162
The vulnerability CVE-2021-28162 affects Eclipse Theia