25 matches found
EUVD-2021-2115
Malware in sbrugna...
EUVD-2021-0816
Malware in sbrugna...
CVE-2019-17636
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given...
(Pwn2Own) Adobe Acrobat Reader DC Net.HTTP.request Exposed Dangerous Method Sandbox Escape
This vulnerability allows remote attackers to escape the sandbox on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Remote Code Execution (RCE)
@theia/mini-browser is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by viewing the HTML files in an iframe inside the IDE and injecting malicious code via HTML tag...
GHSA-V9W2-V7J9-RJPR Remote code execution in Eclipse Theia
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file...
@popcornsar/che-theia-plugin-ext (>=0.0.2 <=7.4.0), @popcornsar/theia-dashboard-extension (=7.4.0-v1) +29 more potentially affected by CVE-2021-34435 via @theia/mini-browser (>=0.4.0-next.a1023afb <=1.9.0-next.8e53c23f)
@theia/mini-browser NPM version =0.4.0-next.a1023afb, =0.0.2, =0.0.3, =0.2.0-next.0fb80ad8, =1.41.0, =0.1.8, =0.9.0, =0.9.0, =0.9.0, =0.4.0, =0.0.1, =0.0.1, =0.0.1, =0.2.3, =0.3.14 and more Source cves: CVE-2021-34435 Source advisory: OSV:GHSA-V9W2-V7J9-RJPR...
Remote code execution in Eclipse Theia
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file...
CVE-2021-34435
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file...
CVE-2021-34435
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file...
Design/Logic Flaw
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file...
CVE-2021-34435
In Eclipse Theia, versions 0.3.9 through 1.8.1 are affected by a vulnerability in the built-in mini-browser extension that previews HTML files in an iframe inside the IDE. The issue arises from how the preview rendering is implemented, enabling a maliciously crafted HTML file viewed in the iframe...
CVE-2021-34435
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file...
Eclipse Theia Access Control Error Vulnerability
Eclipse Theia is the Eclipse Foundation's suite of open source Integrated Development Environment frameworks for desktop and web applications based on Visual Studio Code. An access control error vulnerability exists in Eclipse Theia versions 0.3.9 through 1.8.1, which stems from a "mini-browser"...
PT-2021-20529 · Eclipse · Eclipse Theia
Name of the Vulnerable Software and Affected Versions: Eclipse Theia versions 0.3.9 through 1.8.1 Description: The issue allows a previewed HTML file to trigger a remote code execution (RCE) in the Eclipse Theia IDE, specifically through the "mini-browser" extension. This exploit occurs when a user...
GHSA-F7VX-J8MP-3H2X Insufficient Verification of Data Authenticity in Eclipse Theia
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given...
CVE-2019-17636
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given...
CVE-2019-17636
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given...
Design/Logic Flaw
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given...
CVE-2019-17636
The CVE-2019-17636 entry concerns Eclipse Theia (versions 0.3.9–0.15.0) where the default pre-packaged extension @theia/mini-browser exposes an HTTP endpoint to read arbitrary host filesystem files by path. The described flaw allows remote exploitation via DNS rebinding or drive-by download, enab...