8 matches found
CVE-2026-1699
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...
CVE-2026-1699
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...
CVE-2026-1699
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...
CVE-2026-1699
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...
CVE-2026-1699
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...
CVE-2026-1699
CVE-2026-1699 concerns the Eclipse Theia Website repository. The issue: the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted PR code. This allowed any GitHub user to run arbitrary code in the repository’s CI envi...
Eclipse Theia – Website security vulnerabilities
Eclipse Theia - Website is an development environment framework created by the Eclipse Foundation. There is a security vulnerability in Eclipse Theia - Website, which stems from the use of pullrequesttarget triggers in GitHub Actions workflows to execute untrusted code. This vulnerability may lea...
PT-2026-5388
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull request target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access t...