5 matches found
CVE-2021-41038
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...
Improper Verification of Communication Channel in @theia/plugin-ext
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...
CVE-2021-41038
In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...
CVE-2021-41038
The CVE-2021-41038 entry concerns the @theia/plugin-ext component of Eclipse Theia (pre-1.18.0). The issue is that Webview contents can be hijacked via postMessage(), caused by improper verification of the communication channel. This mode of exploitation could expose or modify Webview content dep...
Eclipse Theia 安全漏洞
Eclipse Theia is the Eclipse Foundation's set of open source IDE frameworks for desktop and web applications based on Visual Studio Code. A security vulnerability exists in the version of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, which originates from Webview content that...