Unsafe Dependency Resolution

Overview @theia/debug is a Theia - Debug Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the processing of custom task definitions from workspace configuration files. An attacker can execute arbitrary commands with the user's privileges by crafting a...

@jpinkney/plugin (>=0.0.1-1583345065 <=0.0.1-1583345396), @theia/debug (>=0.4.0-next.0a1bd791 <=0.4.0-next.fee81ec4) +8 more potentially affected by CVE-2021-28162 via @theia/messages (>=0.10.0-next.a2cdb337 <=0.9.0)

@theia/messages NPM version =0.10.0-next.a2cdb337, =0.0.1-1583345065, =0.4.0-next.0a1bd791, =0.4.0-next.0a1bd791, =0.3.4, =0.8.0, =0.3.19, =0.3.12, =0.13.0, =0.7.0-next.2011dfb2, =0.17.0-next.0d7566df, =0.17.0-next.f5433ece Source cves: CVE-2021-28162 Source advisory: OSV:GHSA-C94V-8FFF-73PH...

@eclipse-che/theia-terminal (>=0.0.1-1552991237 <=0.0.1-1566494904), @theia/cpp (>=0.4.0-next.0ce38188 <=0.4.0-next.fc6e8217) +7 more potentially affected by CVE-2019-0542 via xterm (=3.9.1)

xterm NPM version =3.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on xterm and may be impacted: - @eclipse-che/theia-terminal =0.0.1-1552991237, =0.4.0-next.0ce38188, =0.4.0-next.0ce38188, =0.4.0-next.0ce38188, =0.4.0-next.0ce38188,...