2 matches found
CVE-2026-44688
In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of markdown images with arbitrary URLs. An attacker can obtain the IP address, browser User-Agent, and potentially other request-specific information of users by embedding image URLs that are...